var-201606-0395
Vulnerability from variot
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. Libxml2 is prone to a remote denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: libxml2 security update Advisory ID: RHSA-2016:1292-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1292 Issue date: 2016-06-23 CVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 =====================================================================
- Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. (CVE-2016-1834, CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all applications linked to the libxml2 library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
- Package List:
Red Hat Enterprise Linux HPC Node (v. 6):
Source: libxml2-2.7.6-21.el6_8.1.src.rpm
x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: libxml2-2.7.6-21.el6_8.1.src.rpm
i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm
ppc64: libxml2-2.7.6-21.el6_8.1.ppc.rpm libxml2-2.7.6-21.el6_8.1.ppc64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm
s390x: libxml2-2.7.6-21.el6_8.1.s390.rpm libxml2-2.7.6-21.el6_8.1.s390x.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-devel-2.7.6-21.el6_8.1.s390.rpm libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm libxml2-python-2.7.6-21.el6_8.1.s390x.rpm
x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm
ppc64: libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm
s390x: libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-static-2.7.6-21.el6_8.1.s390x.rpm
x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: libxml2-2.7.6-21.el6_8.1.src.rpm
i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm
x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm
x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libxml2-2.9.1-6.el7_2.3.src.rpm
ppc64: libxml2-2.9.1-6.el7_2.3.ppc.rpm libxml2-2.9.1-6.el7_2.3.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le: libxml2-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm
s390x: libxml2-2.9.1-6.el7_2.3.s390.rpm libxml2-2.9.1-6.el7_2.3.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-devel-2.9.1-6.el7_2.3.s390.rpm libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm libxml2-python-2.9.1-6.el7_2.3.s390x.rpm
x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-static-2.9.1-6.el7_2.3.ppc.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm
s390x: libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-static-2.9.1-6.el7_2.3.s390.rpm libxml2-static-2.9.1-6.el7_2.3.s390x.rpm
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-1762 https://access.redhat.com/security/cve/CVE-2016-1833 https://access.redhat.com/security/cve/CVE-2016-1834 https://access.redhat.com/security/cve/CVE-2016-1835 https://access.redhat.com/security/cve/CVE-2016-1836 https://access.redhat.com/security/cve/CVE-2016-1837 https://access.redhat.com/security/cve/CVE-2016-1838 https://access.redhat.com/security/cve/CVE-2016-1839 https://access.redhat.com/security/cve/CVE-2016-1840 https://access.redhat.com/security/cve/CVE-2016-3627 https://access.redhat.com/security/cve/CVE-2016-3705 https://access.redhat.com/security/cve/CVE-2016-4447 https://access.redhat.com/security/cve/CVE-2016-4448 https://access.redhat.com/security/cve/CVE-2016-4449 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm ZsVLEgJAF0Zt6xZVzqvVW7U= =fREV -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . From: Marc Deslauriers marc.deslauriers@canonical.com Reply-To: Ubuntu Security security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: 5755B7E3.5040103@canonical.com Subject: [USN-2994-1] libxml2 vulnerabilities
============================================================================ Ubuntu Security Notice USN-2994-1 June 06, 2016
libxml2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1835, CVE-2016-1837)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836)
Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1840)
It was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449)
Gustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-4483)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.1
Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.4
Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.8
Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.15
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart Description: A null pointer dereference was addressed through improved memory handling. CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center
CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
FaceTime Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro
IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic. CVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)
Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Siri Contacts Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device may be able to see private contact information Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management. CVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)
Web Media Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode Description: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management. CVE-2016-4603 : Brian Porter (@portex33)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4592 : Mikhail
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. CVE-2016-4583 : Roeland Krak
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins. CVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com), an anonymous researcher
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4587 : Apple
WebKit JavaScript Bindings Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4584 : Chris Vienneau
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "9.3.3". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05194709
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05194709 Version: 1
HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-07-07 Last Updated: 2016-07-07
Potential Security Impact: Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Security vulnerabilities in the libXML2 library could potentially impact HPE IceWall Federation Agent resulting in Remote Denial of Service (DoS), or unauthorized modification, or unauthorized disclosure of information.
References:
- CVE-2016-4447: Remote Denial of Service (DoS)
- CVE-2016-4448: Remote unauthorized disclosure of information, unauthorized modification, Denial of Service (DoS)
- CVE-2016-4449: Remote unauthorized disclosure of information, Denial of Service (DoS)
- PSRT110164
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- IceWall Federation Agent Version 3.0 (RHEL 6/7) using libXML2
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-4447
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-4448
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-4449
7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI
d=emr_na-c01345499
RESOLUTION
HPE recommends applying the latest OS vendor security patches for libXML2 to resolve the vulnerabilities in the libXML2 library.
HISTORY Version:1 (rev.1) - 7 July 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/libxml2-2.9.4-i486-1_slack14.1.txz: Upgraded. Format string vulnerability (CVE-2016-4448). Inappropriate fetch of entities content (CVE-2016-4449). For more information, see: http://xmlsoft.org/news.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.9.4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.9.4-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libxml2-2.9.4-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libxml2-2.9.4-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.9.4-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.9.4-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: c498433ae7d6077a9d5245877aa2c06e libxml2-2.9.4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: c92258a87bb30a6cdce2b5428d640bd5 libxml2-2.9.4-x86_64-1_slack14.0.txz
Slackware 14.1 package: 2b74b913a164a23ad2da10eebf923e46 libxml2-2.9.4-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: e2dee612c7de77822824e43a61414c2c libxml2-2.9.4-x86_64-1_slack14.1.txz
Slackware -current package: 98d1ede4a347a49f2ad972ac5339b9e6 l/libxml2-2.9.4-i586-1.txz
Slackware x86_64 -current package: c2d5721aac77b74d7e47a2a8a372d47a l/libxml2-2.9.4-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg libxml2-2.9.4-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6.
Security Fix(es):
-
This update fixes several flaws in OpenSSL. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
-
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
-
This update fixes two flaws in httpd. (CVE-2016-4459, CVE-2016-8612)
-
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)
-
A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
- CVE-2016-4594 : Stefan Esser of SektionEins
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About"
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0395", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "icewall federation agent", "scope": "eq", "trust": 1.3, "vendor": "hp", "version": "3.0" }, { "model": "iphone os", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "9.3.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "vm server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.4" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "web gateway", "scope": "lte", "trust": 1.0, "vendor": "mcafee", "version": "7.6.2.3" }, { "model": "web gateway", "scope": "lte", "trust": 1.0, "vendor": "mcafee", "version": "7.5.2.10" }, { "model": "libxml2", "scope": "lte", "trust": 1.0, "vendor": "xmlsoft", "version": "2.9.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "watchos", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "2.2.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "tvos", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "9.2.1" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.6.0.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.5.0.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.11.5" }, { "model": "itunes", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "12.4.1" }, { "model": "vm server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.9, "vendor": "xmlsoft", "version": "2.9.3" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "12.04 lts" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "14.04 lts" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "16.04 lts" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "7.0" }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "8.0" }, { "model": "libxml2", "scope": "lt", "trust": 0.8, "vendor": "xmlsoft", "version": "2.9.4" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 and later" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "5.2.1 (windows 7 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.3.3 (ipad 2 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.3.3 (iphone 4s or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.3.3 (ipod touch first 5 after generation )" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "12.4.2 (windows 7 or later )" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.2.2 (apple tv first 4 generation )" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2.2 (apple watch edition)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2.2 (apple watch hermes)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2.2 (apple watch sport)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2.2 (apple watch)" }, { "model": "vm server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "icewall federation agent", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "3.0 (rhel 6/7)" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.10" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.13" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.3" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.32" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.410" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.24" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.14" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.219" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.1.0" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.10" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7.1" }, { "model": "junos space 15.1f2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.25" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.22" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.30" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.12" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.36" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.5.2.10" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.0" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0.1" }, { "model": "junos space 15.1r2.11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.2.12" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.18" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1.2" }, { "model": "authconnector", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.5" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.46" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.28" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.9" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.26" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.5" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.14" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.24" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.3" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.0.163" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3.2" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.72" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.42" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.3" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8" }, { "model": "junos space 15.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.2.20" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.1.10" }, { "model": "watch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.8" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.16" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.29" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.5.2.8" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.7" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.16" }, { "model": "integrated management module ii for flex systems 1aoo", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.4" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.10" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.14" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.21" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.25" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.4" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.08" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.1" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.213" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.3" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.22" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.2" }, { "model": "industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "rackswitch g8124/g8124-e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.7.0" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.413" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.5" }, { "model": "rackswitch g8332", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.23.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.28" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.5" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "50" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.8" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.6" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.1.42" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3" }, { "model": "security privileged identity manager fixpack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.28" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.5.2.11" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.26" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.9.2" }, { "model": "norman network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "rackswitch g8124/g8124-e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.34" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.10" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.26" }, { "model": "rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.7.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.18" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.412" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.2" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.6" }, { "model": "rackswitch g8264t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.8" }, { "model": "watchos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "2.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "junos space 15.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.17" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.0.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.21" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "smartcloud entry jre update", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.35" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.22" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.33" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.6" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.31" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.218" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.10" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "9.3.3" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.411" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.13" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.8" }, { "model": "rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.4" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1.8" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.20" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.7.0" }, { "model": "junos space 14.1r1.9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.21" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.214" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.14" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.5" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.9" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.2" }, { "model": "integrated management module ii for bladecenter systems 1aoo", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.7" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.113" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.7" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "esignal", "scope": "eq", "trust": 0.3, "vendor": "esignal", "version": "6.0.2" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.10" }, { "model": "rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "junos space 16.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.5" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "mq appliance m2001", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.30" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.23" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.2" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.21" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.29" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.22" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.11" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.31" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "mq appliance m2000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.1" }, { "model": "rackswitch g8264cs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.14.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.27" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.4" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.1" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.415" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "libxml2", "scope": "ne", "trust": 0.3, "vendor": "xmlsoft", "version": "2.9.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.11" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.27" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.09" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.3" }, { "model": "ipad", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.19" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.2" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.3" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.24" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.5" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.01" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.13" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.9" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.0.80" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.15" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.9.1" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.4" }, { "model": "rackswitch g8316", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.23" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.5" }, { "model": "smartcloud entry jre update", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.34" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.8" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.11" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.16" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.20" }, { "model": "junos space 14.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "40" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "itunes", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "12.4.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.12" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.2" }, { "model": "integrated management module ii for system 1aoo", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "smartcloud entry jre update", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.55" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4.1" }, { "model": "rational systems tester interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.7" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.5.2.9" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.15" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "industrial control systems network scanner", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.13" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.12" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.55" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.5" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "1.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.5" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.2" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.415" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.17" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.8" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.11" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.7" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.1.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.11" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.1.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.1" } ], "sources": [ { "db": "BID", "id": "90864" }, { "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "db": "CNNVD", "id": "CNNVD-201605-637" }, { "db": "NVD", "id": "CVE-2016-4447" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:itunes:12.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.11.5", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.9.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.2.10", "versionStartIncluding": "7.5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.6.2.3", "versionStartIncluding": "7.6.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-4447" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "David Kilzer", "sources": [ { "db": "BID", "id": "90864" } ], "trust": 0.3 }, "cve": "CVE-2016-4447", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-4447", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-93266", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-4447", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-4447", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201605-637", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-93266", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-4447", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-93266" }, { "db": "VULMON", "id": "CVE-2016-4447" }, { "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "db": "CNNVD", "id": "CNNVD-201605-637" }, { "db": "NVD", "id": "CVE-2016-4447" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. Libxml2 is prone to a remote denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: libxml2 security update\nAdvisory ID: RHSA-2016:1292-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1292\nIssue date: 2016-06-23\nCVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 \n CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 \n CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 \n CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 \n CVE-2016-4448 CVE-2016-4449 \n=====================================================================\n\n1. Summary:\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n\nSecurity Fix(es):\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. (CVE-2016-1834,\nCVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. \n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,\nCVE-2016-4448, CVE-2016-4449)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all applications linked to the libxml2\nlibrary must be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nlibxml2-2.7.6-21.el6_8.1.src.rpm\n\nx86_64:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nlibxml2-2.7.6-21.el6_8.1.src.rpm\n\ni386:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-python-2.7.6-21.el6_8.1.i686.rpm\n\nppc64:\nlibxml2-2.7.6-21.el6_8.1.ppc.rpm\nlibxml2-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.ppc.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.ppc64.rpm\n\ns390x:\nlibxml2-2.7.6-21.el6_8.1.s390.rpm\nlibxml2-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.s390.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-python-2.7.6-21.el6_8.1.s390x.rpm\n\nx86_64:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-static-2.7.6-21.el6_8.1.i686.rpm\n\nppc64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.ppc64.rpm\n\ns390x:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-static-2.7.6-21.el6_8.1.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nlibxml2-2.7.6-21.el6_8.1.src.rpm\n\ni386:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-python-2.7.6-21.el6_8.1.i686.rpm\n\nx86_64:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-static-2.7.6-21.el6_8.1.i686.rpm\n\nx86_64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nppc64:\nlibxml2-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.ppc64.rpm\n\nppc64le:\nlibxml2-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm\n\ns390x:\nlibxml2-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-python-2.9.1-6.el7_2.3.s390x.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-static-2.9.1-6.el7_2.3.ppc64.rpm\n\nppc64le:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm\n\ns390x:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-static-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-static-2.9.1-6.el7_2.3.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-1762\nhttps://access.redhat.com/security/cve/CVE-2016-1833\nhttps://access.redhat.com/security/cve/CVE-2016-1834\nhttps://access.redhat.com/security/cve/CVE-2016-1835\nhttps://access.redhat.com/security/cve/CVE-2016-1836\nhttps://access.redhat.com/security/cve/CVE-2016-1837\nhttps://access.redhat.com/security/cve/CVE-2016-1838\nhttps://access.redhat.com/security/cve/CVE-2016-1839\nhttps://access.redhat.com/security/cve/CVE-2016-1840\nhttps://access.redhat.com/security/cve/CVE-2016-3627\nhttps://access.redhat.com/security/cve/CVE-2016-3705\nhttps://access.redhat.com/security/cve/CVE-2016-4447\nhttps://access.redhat.com/security/cve/CVE-2016-4448\nhttps://access.redhat.com/security/cve/CVE-2016-4449\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm\nZsVLEgJAF0Zt6xZVzqvVW7U=\n=fREV\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. From: Marc Deslauriers \u003cmarc.deslauriers@canonical.com\u003e\nReply-To: Ubuntu Security \u003csecurity@ubuntu.com\u003e\nTo: ubuntu-security-announce@lists.ubuntu.com\nMessage-ID: \u003c5755B7E3.5040103@canonical.com\u003e\nSubject: [USN-2994-1] libxml2 vulnerabilities\n\n\n\n\n============================================================================\nUbuntu Security Notice USN-2994-1\nJune 06, 2016\n\nlibxml2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447)\n\nIt was discovered that libxml2 incorrectly handled certain malformed\ndocuments. \n(CVE-2016-1762, CVE-2016-1834)\n\nMateusz Jurczyk discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-1835, CVE-2016-1837)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain\nmalformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and\nUbuntu 16.04 LTS. (CVE-2016-1836)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-1840)\n\nIt was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-4483)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libxml2 2.9.3+dfsg1-1ubuntu0.1\n\nUbuntu 15.10:\n libxml2 2.9.2+zdfsg1-4ubuntu0.4\n\nUbuntu 14.04 LTS:\n libxml2 2.9.1+dfsg1-3ubuntu4.8\n\nUbuntu 12.04 LTS:\n libxml2 2.7.8.dfsg-5.1ubuntu4.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-2 iOS 9.3.3\n\niOS 9.3.3 is now available and addresses the following:\n\nCalendar\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted calendar invite may cause a device to\nunexpectedly restart\nDescription: A null pointer dereference was addressed through\nimproved memory handling. \nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical\nCenter\n\nCoreGraphics\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nFaceTime\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4628 : Ju Zhu of Trend Micro\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-2016-4627 : Ju Zhu of Trend Micro\n\nIOHIDFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxslt\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses to invalid ports may have allowed a\nmalicious website to display an arbitrary domain while displaying\narbitrary content. This issue was addressed through improved URL\ndisplay logic. \nCVE-2016-4604 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com)\n\nSandbox Profiles\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nSiri Contacts\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to a device may be able to see\nprivate contact information\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed through improved state management. \nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\nWeb Media\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a video in Safari\u0027s Private Browsing mode displays\nthe URL of the video outside of Private Browsing mode\nDescription: A privacy issue existed in the handling of user data by\nSafari View Controller. This issue was addressed through improved\nstate management. \nCVE-2016-4603 : Brian Porter (@portex33)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\nCVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day\nInitiative\nCVE-2016-4623 : Apple\nCVE-2016-4624 : Apple\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted webpage may lead to a system\ndenial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4592 : Mikhail\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose image data from\nanother website\nDescription: A timing issue existed in the processing of SVG. This\nissue was addressed through improved validation. \nCVE-2016-4583 : Roeland Krak\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An origin inheritance issue existed in parsing of\nabout: URLs. This was addressed through improved validation of\nsecurity origins. \nCVE-2016-4590 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com), an\nanonymous researcher\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may compromise user\ninformation on the file system\nDescription: A permissions issue existed in the handling of the\nlocation variable. This was addressed though additional ownership\nchecks. \nCVE-2016-4591 : ma.la of LINE Corporation\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4587 : Apple\n\nWebKit JavaScript Bindings\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to script\nexecution in the context of a non-HTTP service\nDescription: A cross-protocol cross-site scripting (XPXSS) issue\nexisted in Safari when submitting forms to non-HTTP services\ncompatible with HTTP/0.9. This issue was addressed by disabling\nscripts and plugins on resources loaded over HTTP/0.9. \nCVE-2016-4651 : Obscure\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-site scripting issue existed in Safari URL\nredirection. This issue was addressed through improved URL validation\non redirection. \nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,\nInc. (www.mbsd.jp)\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4584 : Chris Vienneau\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.3.3\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05194709\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05194709\nVersion: 1\n\nHPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library,\nRemote Denial of Service (DoS), Unauthorized Modification, Unauthorized\nDisclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-07-07\nLast Updated: 2016-07-07\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized\nDisclosure of Information, Unauthorized Modification\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nSecurity vulnerabilities in the libXML2 library could potentially impact HPE\nIceWall Federation Agent resulting in Remote Denial of Service (DoS), or\nunauthorized modification, or unauthorized disclosure of information. \n\nReferences:\n\n - CVE-2016-4447: Remote Denial of Service (DoS)\n - CVE-2016-4448: Remote unauthorized disclosure of information,\nunauthorized modification, Denial of Service (DoS)\n - CVE-2016-4449: Remote unauthorized disclosure of information, Denial of\nService (DoS)\n - PSRT110164\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - IceWall Federation Agent Version 3.0 (RHEL 6/7) using libXML2\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-4447\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-4448\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-4449\n 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\n 5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI\nd=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the latest OS vendor security patches for libXML2 to\nresolve the vulnerabilities in the libXML2 library. \n\nHISTORY\nVersion:1 (rev.1) - 7 July 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/libxml2-2.9.4-i486-1_slack14.1.txz: Upgraded. \n Format string vulnerability (CVE-2016-4448). \n Inappropriate fetch of entities content (CVE-2016-4449). \n For more information, see:\n http://xmlsoft.org/news.html\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.9.4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.9.4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libxml2-2.9.4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libxml2-2.9.4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.9.4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.9.4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nc498433ae7d6077a9d5245877aa2c06e libxml2-2.9.4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc92258a87bb30a6cdce2b5428d640bd5 libxml2-2.9.4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n2b74b913a164a23ad2da10eebf923e46 libxml2-2.9.4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne2dee612c7de77822824e43a61414c2c libxml2-2.9.4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n98d1ede4a347a49f2ad972ac5339b9e6 l/libxml2-2.9.4-i586-1.txz\n\nSlackware x86_64 -current package:\nc2d5721aac77b74d7e47a2a8a372d47a l/libxml2-2.9.4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg libxml2-2.9.4-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. \n\nSecurity Fix(es):\n\n* This update fixes several flaws in OpenSSL. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/en-us/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"", "sources": [ { "db": "NVD", "id": "CVE-2016-4447" }, { "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "db": "BID", "id": "90864" }, { "db": "VULHUB", "id": "VHN-93266" }, { "db": "VULMON", "id": "CVE-2016-4447" }, { "db": "PACKETSTORM", "id": "137613" }, { "db": "PACKETSTORM", "id": "137335" }, { "db": "PACKETSTORM", "id": "137963" }, { "db": "PACKETSTORM", "id": "137959" }, { "db": "PACKETSTORM", "id": "137808" }, { "db": "PACKETSTORM", "id": "137222" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "137960" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4447", "trust": 3.7 }, { "db": "MCAFEE", "id": "SB10170", "trust": 2.1 }, { "db": "BID", "id": "90864", "trust": 2.1 }, { "db": "SECTRACK", "id": "1036348", "trust": 1.8 }, { "db": "TENABLE", "id": "TNS-2016-18", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/05/25/2", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU94844193", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-003101", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201605-637", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2023.3732", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2340", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10770", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "137808", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "137222", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-93266", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-4447", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137613", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137335", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137963", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137959", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140182", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137960", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-93266" }, { "db": "VULMON", "id": "CVE-2016-4447" }, { "db": "BID", "id": "90864" }, { "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "db": "PACKETSTORM", "id": "137613" }, { "db": "PACKETSTORM", "id": "137335" }, { "db": "PACKETSTORM", "id": "137963" }, { "db": "PACKETSTORM", "id": "137959" }, { "db": "PACKETSTORM", "id": "137808" }, { "db": "PACKETSTORM", "id": "137222" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "137960" }, { "db": "CNNVD", "id": "CNNVD-201605-637" }, { "db": "NVD", "id": "CVE-2016-4447" } ] }, "id": "VAR-201606-0395", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-93266" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:53:25.161000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "title": "APPLE-SA-2016-07-18-2 iOS 9.3.3", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html" }, { "title": "APPLE-SA-2016-07-18-3 watchOS 2.2.2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html" }, { "title": "APPLE-SA-2016-07-18-4 tvOS 9.2.2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html" }, { "title": "APPLE-SA-2016-07-18-6 iTunes 12.4.2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html" }, { "title": "HT206901", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206901" }, { "title": "HT206902", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206902" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206903" }, { "title": "HT206904", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206904" }, { "title": "HT206905", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206905" }, { "title": "HT206899", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206899" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206903" }, { "title": "HT206904", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206904" }, { "title": "HT206905", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206905" }, { "title": "HT206899", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206899" }, { "title": "HT206901", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206901" }, { "title": "HT206902", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206902" }, { "title": "DSA-3593", "trust": 0.8, "url": "https://www.debian.org/security/2016/dsa-3593" }, { "title": "Heap-based buffer-underreads due to xmlParseName", "trust": 0.8, "url": "https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83" }, { "title": "HPSBGN03628", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05194709" }, { "title": "Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "title": "Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "title": "Oracle Linux Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "title": "RHSA-2016:1292", "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2016:1292" }, { "title": "CVE-2016-4447", "trust": 0.8, "url": "https://security-tracker.debian.org/tracker/cve-2016-4447" }, { "title": "TLSA-2016-22", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-22j.html" }, { "title": "USN-2994-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2994-1/" }, { "title": "2.9.4: May 23 2016", "trust": 0.8, "url": "http://xmlsoft.org/news.html" }, { "title": "Libxml2 Fixes for heap-based buffer overflow vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61947" }, { "title": "Apple: iTunes 12.4.2 for Windows", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=339c5983ed5d4c0416124ae9d69fd04c" }, { "title": "Apple: iCloud for Windows 5.2.1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=51a96564f5e244335eb2e803eca179c4" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Ubuntu Security Notice: libxml2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2994-1" }, { "title": "Apple: tvOS 9.2.2", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9cb2b3a54d5cecfa5af6c947e8d6031c" }, { "title": "Apple: watchOS 2.2.2", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=fc1eeaa401404fa32e6565c94a51a370" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-3705: stack overflow before detecting invalid XML file", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ed475d816a8279c18b15a9aac8146ada" }, { "title": "Debian CVElist Bug Report Logs: libxml2: Heap-buffer overread in libxml2/dict.c", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1b5e8a6bfa7b3b48920376b728b6bbe2" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-2073: out-of-bounds read in htmlParseNameComplex()", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e21c0505f8306f0416606e1a2ec5e18e" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-3627: stack exhaustion in libxml2 parsing xml files in recover mode", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7ad6e7048d3904deff82dbbe81adf528" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-4483", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=17d0780fd9f0deb51d01d88ca9e90fe3" }, { "title": "Amazon Linux AMI: ALAS-2016-719", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-719" }, { "title": "Apple: iOS 9.3.3", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=d61ee6bed9ca45acb3a9ebce2f29da36" }, { "title": "Apple: OS X El Capitan v10.11.6 and Security Update 2016-004", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0d15a2e676b3d7c13f2468e8bb26534c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Symantec Security Advisories: SA129 : Multiple libxml2 Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4306b2beef409e7d3306d20a4621babf" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38" }, { "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-4447" }, { "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "db": "CNNVD", "id": "CNNVD-201605-637" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-93266" }, { "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "db": "NVD", "id": "CVE-2016-4447" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/90864" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 2.1, "url": "https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83" }, { "trust": 2.0, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.404722" }, { "trust": 2.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10170" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2016:1292" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2994-1" }, { "trust": 1.9, "url": "http://xmlsoft.org/news.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1036348" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html" }, { "trust": 1.8, "url": "https://www.debian.org/security/2016/dsa-3593" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2016/05/25/2" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05194709" }, { "trust": 1.8, "url": "https://support.apple.com/ht206899" }, { "trust": 1.8, "url": "https://support.apple.com/ht206901" }, { "trust": 1.8, "url": "https://support.apple.com/ht206902" }, { "trust": 1.8, "url": "https://support.apple.com/ht206903" }, { "trust": 1.8, "url": "https://support.apple.com/ht206904" }, { "trust": 1.8, "url": "https://support.apple.com/ht206905" }, { "trust": 1.8, "url": "https://www.tenable.com/security/tns-2016-18" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4447" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94844193/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4447" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2016-4447" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1338686" }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2016:2957" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2340/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3732" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2016/q2/403" }, { "trust": 0.3, "url": "http://xmlsoft.org/index.html" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10770\u0026actp=rss" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05194709" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024088" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024194" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024318" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099466" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "https://bto.bluecoat.com/security-advisory/sa129" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099491" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986391" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986456" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986710" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986974" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989043" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990750" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21990837" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21990838" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684" }, { "trust": 0.3, "url": "https://gpgtools.org" }, { "trust": 0.3, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4610" }, { "trust": 0.3, "url": "http://support.apple.com/kb/ht201222" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4609" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4612" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4608" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1838" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1837" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3705" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1834" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-4448" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1839" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1833" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3627" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1840" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1836" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1762" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1835" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-4449" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-3705" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-3627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4615" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4614" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4616" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594" }, { "trust": 0.1, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2016\u0026amp;m=slackware-security.404722" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10170" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206901" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2994-1/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.8" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8806" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2073" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.15" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/download/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4605" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4591" }, { "trust": 0.1, "url": "https://www.tencent.com)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4589" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4585" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4587" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4603" }, { "trust": 0.1, "url": "https://www.mbsd.jp)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4604" }, { "trust": 0.1, "url": "https://www.tencent.com)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4593" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4583" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4590" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4592" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4584" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4449" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4448" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6808" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5420" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7141" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4637" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4626" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4627" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204641" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4631" } ], "sources": [ { "db": "VULHUB", "id": "VHN-93266" }, { "db": "VULMON", "id": "CVE-2016-4447" }, { "db": "BID", "id": "90864" }, { "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "db": "PACKETSTORM", "id": "137613" }, { "db": "PACKETSTORM", "id": "137335" }, { "db": "PACKETSTORM", "id": "137963" }, { "db": "PACKETSTORM", "id": "137959" }, { "db": "PACKETSTORM", "id": "137808" }, { "db": "PACKETSTORM", "id": "137222" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "137960" }, { "db": "CNNVD", "id": "CNNVD-201605-637" }, { "db": "NVD", "id": "CVE-2016-4447" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-93266" }, { "db": "VULMON", "id": "CVE-2016-4447" }, { "db": "BID", "id": "90864" }, { "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "db": "PACKETSTORM", "id": "137613" }, { "db": "PACKETSTORM", "id": "137335" }, { "db": "PACKETSTORM", "id": "137963" }, { "db": "PACKETSTORM", "id": "137959" }, { "db": "PACKETSTORM", "id": "137808" }, { "db": "PACKETSTORM", "id": "137222" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "137960" }, { "db": "CNNVD", "id": "CNNVD-201605-637" }, { "db": "NVD", "id": "CVE-2016-4447" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-09T00:00:00", "db": "VULHUB", "id": "VHN-93266" }, { "date": "2016-06-09T00:00:00", "db": "VULMON", "id": "CVE-2016-4447" }, { "date": "2016-05-23T00:00:00", "db": "BID", "id": "90864" }, { "date": "2016-06-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "date": "2016-06-23T13:00:52", "db": "PACKETSTORM", "id": "137613" }, { "date": "2016-06-07T07:41:54", "db": "PACKETSTORM", "id": "137335" }, { "date": "2016-07-19T20:07:49", "db": "PACKETSTORM", "id": "137963" }, { "date": "2016-07-19T19:47:55", "db": "PACKETSTORM", "id": "137959" }, { "date": "2016-07-07T20:25:00", "db": "PACKETSTORM", "id": "137808" }, { "date": "2016-05-27T18:18:00", "db": "PACKETSTORM", "id": "137222" }, { "date": "2016-12-16T16:34:49", "db": "PACKETSTORM", "id": "140182" }, { "date": "2016-07-19T20:00:50", "db": "PACKETSTORM", "id": "137960" }, { "date": "2016-05-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-637" }, { "date": "2016-06-09T16:59:05.707000", "db": "NVD", "id": "CVE-2016-4447" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-12T00:00:00", "db": "VULHUB", "id": "VHN-93266" }, { "date": "2019-03-26T00:00:00", "db": "VULMON", "id": "CVE-2016-4447" }, { "date": "2017-12-19T22:37:00", "db": "BID", "id": "90864" }, { "date": "2016-11-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003101" }, { "date": "2023-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-637" }, { "date": "2023-02-12T23:21:18.003000", "db": "NVD", "id": "CVE-2016-4447" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137613" }, { "db": "PACKETSTORM", "id": "137808" }, { "db": "CNNVD", "id": "CNNVD-201605-637" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libxml2 of parser.c of xmlParseElementDecl Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003101" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-637" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.