The version of iOS running on the mobile device is prior to 9.3.3. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in remote code execution, in the following components :
- Calendar
- CoreGraphics
- FaceTime
- ImageIO
- IOAcceleratorFamily
- IOHIDFamily
- Kernel
- libxml2
- libxslt
- Safari
- Sandbox Profiles
- Siri Contacts
- Web Media
- WebKit
- WebKit JavaScript Bindings
- WebKit Page Loading
{"apple": [{"lastseen": "2020-12-24T20:41:13", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 9.3.3\n\nReleased July 18, 2016\n\n**Calendar**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A maliciously crafted calendar invite may cause a device to unexpectedly restart\n\nDescription: A null pointer dereference was addressed through improved memory handling.\n\nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center\n\n**CFNetwork Credentials**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**FaceTime**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated\n\nDescription: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.\n\nCVE-2016-4635 : Martin Vigo\n\n**GasGauge**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.\n\nCVE-2016-7576 : qwertyoruiop\n\nEntry added September 27, 2016\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4628 : Ju Zhu of Trend Micro\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**Libc**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Safari**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic.\n\nCVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\n**Siri Contacts**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A person with physical access to a device may be able to see private contact information\n\nDescription: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management.\n\nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\n**Web Media**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode\n\nDescription: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management.\n\nCVE-2016-4603 : Brian Porter (@portex33)\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may result in the disclosure of process memory\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4587 : Apple\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro's Zero Day Initiative\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.\n\nCVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted webpage may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service\n\nDescription: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9.\n\nCVE-2016-4651 : Obscure\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-30T10:18:34", "title": "About the security content of iOS 9.3.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2016-4587", "CVE-2016-4604", "CVE-2016-4584", "CVE-2016-4643", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4644", "CVE-2016-4623", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4583", "CVE-2016-7705", "CVE-2016-1863", "CVE-2016-4632", "CVE-2016-4624", "CVE-2016-4483", "CVE-2016-4605", "CVE-2016-4642", "CVE-2016-6559", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4449", "CVE-2016-4628", "CVE-2016-4448", "CVE-2016-4591", "CVE-2016-4651", "CVE-2016-4635", "CVE-2016-4589", "CVE-2016-4615", "CVE-2016-4622", "CVE-2016-4585", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447", "CVE-2016-4603", "CVE-2016-4631", "CVE-2016-7576", "CVE-2016-1865", "CVE-2016-4592", "CVE-2016-4593", "CVE-2016-4590", "CVE-2016-4594", "CVE-2016-4627"], "modified": "2017-11-30T10:18:34", "id": "APPLE:HT206902", "href": "https://support.apple.com/kb/HT206902", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:08", "description": "# About the security content of iOS 9.3.3\n\nThis document describes the security content of iOS 9.3.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 9.3.3\n\nReleased July 18, 2016\n\n**Calendar**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A maliciously crafted calendar invite may cause a device to unexpectedly restart\n\nDescription: A null pointer dereference was addressed through improved memory handling.\n\nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center\n\n**CFNetwork Credentials**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**FaceTime**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated\n\nDescription: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.\n\nCVE-2016-4635 : Martin Vigo\n\n**GasGauge**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.\n\nCVE-2016-7576 : qwertyoruiop\n\nEntry added September 27, 2016\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4628 : Ju Zhu of Trend Micro\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**Libc**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Safari**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic.\n\nCVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\n**Siri Contacts**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A person with physical access to a device may be able to see private contact information\n\nDescription: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management.\n\nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\n**Web Media**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode\n\nDescription: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management.\n\nCVE-2016-4603 : Brian Porter (@portex33)\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may result in the disclosure of process memory\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4587 : Apple\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro's Zero Day Initiative\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.\n\nCVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted webpage may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service\n\nDescription: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9.\n\nCVE-2016-4651 : Obscure\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 30, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of iOS 9.3.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4587", "CVE-2016-4589", "CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4592", "CVE-2016-4593", "CVE-2016-4594", "CVE-2016-4603", "CVE-2016-4604", "CVE-2016-4605", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4628", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4651", "CVE-2016-4653", "CVE-2016-6559", "CVE-2016-7576", "CVE-2016-7705"], "modified": "2016-07-18T00:00:00", "id": "APPLE:138B6A194013E2308AFAD7088D94B143", "href": "https://support.apple.com/kb/HT206902", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:26", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 9.2.2\n\nReleased July 18, 2016\n\n**CFNetwork Credentials**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab(@keen_lab), Tencent\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Sandbox Profiles**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4586 : Apple\n\nCVE-2016-4588 : Apple\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4587 : Apple\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary\n\ncode execution\n\nDescription: Multiple memory corruption issues were addressed\n\nthrough improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-30T10:32:51", "title": "About the security content of tvOS 9.2.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2016-4587", "CVE-2016-4584", "CVE-2016-4643", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4644", "CVE-2016-4623", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4583", "CVE-2016-7705", "CVE-2016-1863", "CVE-2016-4632", "CVE-2016-4624", "CVE-2016-4483", "CVE-2016-4586", "CVE-2016-4642", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4449", "CVE-2016-4588", "CVE-2016-4448", "CVE-2016-4591", "CVE-2016-4589", "CVE-2016-4615", "CVE-2016-4622", "CVE-2016-4585", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447", "CVE-2016-4631", "CVE-2016-1865", "CVE-2016-4592", "CVE-2016-4594", "CVE-2016-4627"], "modified": "2017-11-30T10:32:51", "id": "APPLE:HT206905", "href": "https://support.apple.com/kb/HT206905", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:07", "description": "# About the security content of tvOS 9.2.2\n\nThis document describes the security content of tvOS 9.2.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 9.2.2\n\nReleased July 18, 2016\n\n**CFNetwork Credentials**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab(@keen_lab), Tencent\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Sandbox Profiles**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4586 : Apple\n\nCVE-2016-4588 : Apple\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4587 : Apple\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary\n\ncode execution\n\nDescription: Multiple memory corruption issues were addressed\n\nthrough improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 30, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of tvOS 9.2.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4587", "CVE-2016-4588", "CVE-2016-4589", "CVE-2016-4591", "CVE-2016-4592", "CVE-2016-4594", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4637", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4653", "CVE-2016-7705"], "modified": "2016-07-18T00:00:00", "id": "APPLE:8DE1B81CB3F1FAE2DFA54423887EED84", "href": "https://support.apple.com/kb/HT206905", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:53", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 2.2.2\n\nReleased July 18, 2016\n\n**CoreGraphics**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4628 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HP's Zero Day Initiative\n\nEntry added July 29, 2016\n\n**Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**Libc**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Sandbox Profiles**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-30T10:36:40", "title": "About the security content of watchOS 2.2.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-7705", "CVE-2016-1863", "CVE-2016-4632", "CVE-2016-4483", "CVE-2016-6559", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4449", "CVE-2016-4628", "CVE-2016-4448", "CVE-2016-4615", "CVE-2016-4650", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447", "CVE-2016-4631", "CVE-2016-1865", "CVE-2016-4594", "CVE-2016-4627"], "modified": "2017-11-30T10:36:40", "id": "APPLE:HT206904", "href": "https://support.apple.com/kb/HT206904", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:11", "description": "# About the security content of watchOS 2.2.2\n\nThis document describes the security content of watchOS 2.2.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 2.2.2\n\nReleased July 18, 2016\n\n**CoreGraphics**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705: Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-2016-4627 : Ju Zhu of Trend Micro\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4628 : Ju Zhu of Trend Micro\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HP's Zero Day Initiative\n\nEntry added July 29, 2016\n\n**Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**Libc**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Sandbox Profiles**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 30, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of watchOS 2.2.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4628", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4637", "CVE-2016-4650", "CVE-2016-4653", "CVE-2016-6559", "CVE-2016-7705"], "modified": "2016-07-18T00:00:00", "id": "APPLE:6675EF5C2567C41D8B07EDE19642D215", "href": "https://support.apple.com/kb/HT206904", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:58", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.4.2 for Windows\n\nReleased July 18, 2016\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-06-10T11:47:52", "title": "About the security content of iTunes 12.4.2 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4449", "CVE-2016-4448", "CVE-2016-4615", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447"], "modified": "2017-06-10T11:47:52", "id": "APPLE:HT206901", "href": "https://support.apple.com/kb/HT206901", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:46", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 5.2.1\n\nReleased July 18, 2016\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-06-10T11:43:45", "title": "About the security content of iCloud for Windows 5.2.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4449", "CVE-2016-4448", "CVE-2016-4615", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-4447"], "modified": "2017-06-10T11:43:45", "id": "APPLE:HT206899", "href": "https://support.apple.com/kb/HT206899", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:06", "description": "# About the security content of iCloud for Windows 5.2.1\n\nThis document describes the security content of iCloud for Windows 5.2.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 5.2.1\n\nReleased July 18, 2016\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 10, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 5.2.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616"], "modified": "2016-07-18T00:00:00", "id": "APPLE:A698320079BD7F6AF117CDE3A822068D", "href": "https://support.apple.com/kb/HT206899", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:06", "description": "# About the security content of iTunes 12.4.2 for Windows\n\nThis document describes the security content of iTunes 12.4.2 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.4.2 for Windows\n\nReleased July 18, 2016\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 4, 2017\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 10, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.4.2 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616"], "modified": "2016-07-18T00:00:00", "id": "APPLE:AD3C9159192D0BE1FCE85D24889D3B53", "href": "https://support.apple.com/kb/HT206901", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:42", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 9.1.2\n\nReleased July 18, 2016\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro's Zero Day\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\nCVE-2016-4586 : Apple\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a malicious website may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted webpage may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.\n\nCVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**WebKit JavaScript Bindings**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service\n\nDescription: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9.\n\nCVE-2016-4651 : Obscure\n\n**WebKit Page Loading**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n\n**WebKit Page Loading**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-23T03:54:41", "title": "About the security content of Safari 9.1.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4584", "CVE-2016-4623", "CVE-2016-4583", "CVE-2016-4624", "CVE-2016-4586", "CVE-2016-4591", "CVE-2016-4651", "CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4585", "CVE-2016-4592", "CVE-2016-4590"], "modified": "2017-01-23T03:54:41", "id": "APPLE:HT206900", "href": "https://support.apple.com/kb/HT206900", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-10T17:01:07", "description": "# About the security content of Safari 9.1.2\n\nThis document describes the security content of Safari 9.1.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 9.1.2\n\nReleased July 18, 2016\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-4622 : Samuel Gross working with Trend Micro's Zero Day\n\nCVE-2016-4623 : Apple\n\nCVE-2016-4624 : Apple\n\nCVE-2016-4586 : Apple\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a malicious website may disclose image data from another website\n\nDescription: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.\n\nCVE-2016-4583 : Roeland Krak\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted webpage may lead to a system denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4592 : Mikhail\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted website may leak sensitive data\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.\n\nCVE-2016-4591 : ma.la of LINE Corporation\n\n**WebKit**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.\n\nCVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\n**WebKit JavaScript Bindings**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service\n\nDescription: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9.\n\nCVE-2016-4651 : Obscure\n\n**WebKit Page Loading**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.\n\nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)\n\n**WebKit Page Loading**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4584 : Chris Vienneau\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2017\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of Safari 9.1.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4589", "CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4592", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4651"], "modified": "2016-07-18T00:00:00", "id": "APPLE:E38D2652C483FD1A3831B5136C358147", "href": "https://support.apple.com/kb/HT206900", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-10T17:01:08", "description": "# About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004\n\nThis document describes the security content of OS X El Capitan v10.11.6 and Security Update 2016-004.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## OS X El Capitan v10.11.6 and Security Update 2016-004\n\nReleased July 18, 2016\n\n**apache_mod_php**\n\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36.\n\nCVE-2016-5093\n\nCVE-2016-5094\n\nCVE-2016-5096\n\nCVE-2013-7456\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4647 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro; Jack Tang and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Parsing a maliciously crafted audio file may lead to the disclosure of user information\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative\n\n**bsdiff**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking.\n\nCVE-2014-9862 : an anonymous researcher\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions.\n\nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc.\n\n**CFNetwork Credentials**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to elevate privileges\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**CoreGraphics**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**FaceTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated\n\nDescription: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.\n\nCVE-2016-4635 : Martin Vigo\n\n**Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4634 : Stefan Esser of SektionEins\n\n**ImageIO**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705 : Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4633 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**IOSurface**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A use-after-free was addressed through improved memory management.\n\nCVE-2016-4625 : Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent, CESG\n\n**Libc**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libc++abi**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4621 : an anonymous researcher\n\n**libexpat**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-0718 : Gustavo Grieco\n\n**LibreSSL**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7.\n\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\n\nCVE-2016-2109 : Brian Carpenter\n\n**libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code leading to compromise of user information\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4640 : an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nEntry updated November 16, 2016\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code leading to the compromise of user information\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**OpenSSL**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.\n\nCVE-2016-2105 : Guido Vranken\n\nCVE-2016-2106 : Guido Vranken\n\nCVE-2016-2107 : Juraj Somorovsky\n\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\n\nCVE-2016-2109 : Brian Carpenter\n\nCVE-2016-2176 : Guido Vranken\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted SGI file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab\n\n**Safari Login AutoFill**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A user's password may be visible on screen\n\nDescription: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields.\n\nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\n**Sandbox Profiles**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\nOS X El Capitan v10.11.6 includes the security content of [Safari 9.1.2](<https://support.apple.com/kb/HT206900>).\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 30, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-18T00:00:00", "type": "apple", "title": "About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2014-9862", "CVE-2015-8317", "CVE-2016-0718", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4595", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4598", "CVE-2016-4599", "CVE-2016-4600", "CVE-2016-4601", "CVE-2016-4602", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4621", "CVE-2016-4625", "CVE-2016-4626", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4633", "CVE-2016-4634", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4638", "CVE-2016-4639", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4645", "CVE-2016-4646", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4649", "CVE-2016-4652", "CVE-2016-4653", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2016-6559", "CVE-2016-7705"], "modified": "2016-07-18T00:00:00", "id": "APPLE:08DDC9EE4E7DEBCD387FA33304B8E244", "href": "https://support.apple.com/kb/HT206903", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:48", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## OS X El Capitan v10.11.6 and Security Update 2016-004\n\nReleased July 18, 2016\n\n**apache_mod_php**\n\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36.\n\nCVE-2016-5093\n\nCVE-2016-5094\n\nCVE-2016-5096\n\nCVE-2013-7456\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4647 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro; Jack Tang and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative\n\n**Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Parsing a maliciously crafted audio file may lead to the disclosure of user information\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative\n\n**bsdiff**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking.\n\nCVE-2014-9862 : an anonymous researcher\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions.\n\nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc.\n\n**CFNetwork Credentials**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.\n\nCVE-2016-4644 : Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.\n\nCVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT\n\n**CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may unknowingly send a password unencrypted over the network\n\nDescription: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.\n\nCVE-2016-4642 : Jerry Decime coordinated via CERT\n\n**CoreGraphics**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to elevate privileges\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**CoreGraphics**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**FaceTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated\n\nDescription: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.\n\nCVE-2016-4635 : Martin Vigo\n\n**Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4634 : Stefan Esser of SektionEins\n\n**ImageIO**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)\n\n**ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7705 : Craig Young of Tripwire VERT\n\nEntry added November 30, 2017\n\n**Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4633 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n**IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-4626 : Stefan Esser of SektionEins\n\n**IOSurface**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: A use-after-free was addressed through improved memory management.\n\nCVE-2016-4625 : Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1863 : Ian Beer of Google Project Zero\n\nCVE-2016-4653 : Ju Zhu of Trend Micro\n\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-1865 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent, CESG\n\n**Libc**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.\n\nCVE-2016-6559 : Apple\n\nEntry added January 10, 2017\n\n**libc++abi**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4621 : an anonymous researcher\n\n**libexpat**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-0718 : Gustavo Grieco\n\n**LibreSSL**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7.\n\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\n\nCVE-2016-2109 : Brian Carpenter\n\n**libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in libxml2\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2015-8317 : Hanno Boeck\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-4448 : Apple\n\nCVE-2016-4483 : Gustavo Grieco\n\nCVE-2016-4614 : Nick Wellnhofer\n\nCVE-2016-4615 : Nick Wellnhofer\n\nCVE-2016-4616 : Michael Paddon\n\nEntry updated June 5, 2017\n\n**libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.\n\nCVE-2016-4449 : Kostya Serebryany\n\n**libxslt**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-1683 : Nicolas Gr\u00e9goire\n\nCVE-2016-1684 : Nicolas Gr\u00e9goire\n\nCVE-2016-4607 : Nick Wellnhofer\n\nCVE-2016-4608 : Nicolas Gr\u00e9goire\n\nCVE-2016-4609 : Nick Wellnhofer\n\nCVE-2016-4610 : Nick Wellnhofer\n\nEntry updated April 11, 2017\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code leading to compromise of user information\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4640 : an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nEntry updated November 16, 2016\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to execute arbitrary code leading to the compromise of user information\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**Login Window**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: A memory initialization issue was addressed through improved memory handling.\n\nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative\n\n**OpenSSL**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.\n\nCVE-2016-2105 : Guido Vranken\n\nCVE-2016-2106 : Guido Vranken\n\nCVE-2016-2107 : Juraj Somorovsky\n\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\n\nCVE-2016-2109 : Brian Carpenter\n\nCVE-2016-2176 : Guido Vranken\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted SGI file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab\n\nCVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab\n\n**QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab\n\n**Safari Login AutoFill**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A user's password may be visible on screen\n\nDescription: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields.\n\nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\n**Sandbox Profiles**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local application may be able to access the process list\n\nDescription: An access issue existed with privileged API calls. This issue was addressed through additional restrictions.\n\nCVE-2016-4594 : Stefan Esser of SektionEins\n\nOS X El Capitan v10.11.6 includes the security content of [Safari 9.1.2](<https://support.apple.com/kb/HT206900>).\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-30T10:28:37", "title": "About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4634", "CVE-2014-9862", "CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2016-4646", "CVE-2016-4645", "CVE-2016-4649", "CVE-2016-4643", "CVE-2015-8317", "CVE-2016-1836", "CVE-2016-4598", "CVE-2016-4652", "CVE-2016-4616", "CVE-2016-4644", "CVE-2016-4602", "CVE-2016-4638", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-2108", "CVE-2013-7456", "CVE-2016-7705", "CVE-2016-1863", "CVE-2016-4629", "CVE-2016-4632", "CVE-2016-4630", "CVE-2016-2105", "CVE-2016-4600", "CVE-2016-4483", "CVE-2016-2107", "CVE-2016-4642", "CVE-2016-0718", "CVE-2016-4647", "CVE-2016-6559", "CVE-2016-2109", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4621", "CVE-2016-4449", "CVE-2016-4648", "CVE-2016-4595", "CVE-2016-4625", "CVE-2016-4448", "CVE-2016-4599", "CVE-2016-4635", "CVE-2016-4615", "CVE-2016-4633", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-2176", "CVE-2016-4597", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-5096", "CVE-2016-4641", "CVE-2016-4447", "CVE-2016-4631", "CVE-2016-1865", "CVE-2016-4596", "CVE-2016-4601", "CVE-2016-2106", "CVE-2016-4594", "CVE-2016-4639", "CVE-2016-4640"], "modified": "2017-11-30T10:28:37", "id": "APPLE:HT206903", "href": "https://support.apple.com/kb/HT206903", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-02-18T15:15:33", "description": "Versions of Apple TV 9.2.x prior to 9.2.2 are affected by multiple vulnerabilities in the following components :\n\n - CFNetwork\n - CoreGraphics\n - IOAcceleratorFamily\n - IOHIDFamily\n - ImageIO\n - Kernel\n - libxml2\n - libxslt\n - Sandbox", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-25T00:00:00", "type": "nessus", "title": "Apple TV 9.2.x < 9.2.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4582", "CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4587", "CVE-2016-4588", "CVE-2016-4589", "CVE-2016-4592", "CVE-2016-4594", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4637", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4653"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "9430.PRM", "href": "https://www.tenable.com/plugins/nnm/9430", "sourceData": "Binary data 9430.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:54:34", "description": "According to its banner, the version of the remote Apple TV device is prior to 9.2.2. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - CoreGraphics\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libxml2\n - libxslt\n - Sandbox Profiles\n - WebKit\n - WebKit Page Loading\n\nNote that only 4th generation models are affected by the vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "Apple TV < 9.2.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4587", "CVE-2016-4588", "CVE-2016-4589", "CVE-2016-4591", "CVE-2016-4592", "CVE-2016-4594", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4626", "CVE-2016-4627", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4637", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4653"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_9_2_2.NASL", "href": "https://www.tenable.com/plugins/nessus/92494", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92494);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-1863\",\n \"CVE-2016-1865\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4582\",\n \"CVE-2016-4583\",\n \"CVE-2016-4584\",\n \"CVE-2016-4585\",\n \"CVE-2016-4586\",\n \"CVE-2016-4587\",\n \"CVE-2016-4588\",\n \"CVE-2016-4589\",\n \"CVE-2016-4591\",\n \"CVE-2016-4592\",\n \"CVE-2016-4594\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\",\n \"CVE-2016-4622\",\n \"CVE-2016-4623\",\n \"CVE-2016-4624\",\n \"CVE-2016-4626\",\n \"CVE-2016-4627\",\n \"CVE-2016-4631\",\n \"CVE-2016-4632\",\n \"CVE-2016-4637\",\n \"CVE-2016-4642\",\n \"CVE-2016-4643\",\n \"CVE-2016-4644\",\n \"CVE-2016-4653\"\n );\n script_bugtraq_id(\n 90013,\n 90856,\n 90864,\n 90865,\n 90876,\n 91358,\n 91826,\n 91827,\n 91828,\n 91830,\n 91831,\n 91834\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-07-18-4\");\n\n script_name(english:\"Apple TV < 9.2.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of the remote Apple TV device is\nprior to 9.2.2. It is, therefore, affected by multiple vulnerabilities\nin the following components :\n\n - CoreGraphics\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libxml2\n - libxslt\n - Sandbox Profiles\n - WebKit\n - WebKit Page Loading\n\nNote that only 4th generation models are affected by the\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206905\");\n # https://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c0647e9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 9.2.2 or later. Note that this update is\nonly available for 4th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\n# fix\nfixed_build = \"13Y825\";\ntvos_ver = '9.2.2'; # for reporting purposes only\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : 4,\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE,\n xss : TRUE\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:54:23", "description": "The version of Apple iTunes running on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612)\n\n - Multiple memory corruption issues exist in the libxml2 component that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619)\n\n - An XXE (Xml eXternal Entity) injection vulnerability exists in the libxml2 component due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via a specially crafted XML file, to disclose arbitrary files and user information. (CVE-2016-4449)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-19T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_4_2_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/92411", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92411);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\"\n );\n script_bugtraq_id(\n 90013,\n 90856,\n 90864,\n 90865,\n 90876\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-07-18-6\");\n\n script_name(english:\"Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes running on the remote Windows host is\nprior to 12.4.2. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist in the libxslt\n component due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2016-1684,\n CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,\n CVE-2016-4610, CVE-2016-4612)\n\n - Multiple memory corruption issues exist in the libxml2\n component that allow a remote attacker to cause a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,\n CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,\n CVE-2016-4616, CVE-2016-4619)\n\n - An XXE (Xml eXternal Entity) injection vulnerability\n exists in the libxml2 component due to an incorrectly\n configured XML parser accepting XML external entities\n from an untrusted source. A remote attacker can exploit\n this, via a specially crafted XML file, to disclose\n arbitrary files and user information. (CVE-2016-4449)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206901\");\n # https://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1925ec51\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.4.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.4.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n order = make_list('Version source', 'Installed version', 'Fixed version');\n report = make_array(\n order[0], source,\n order[1], version,\n order[2], fixed_version\n );\n report = report_items_str(report_items:report, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:54:08", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612)\n\n - Multiple memory corruption issues exist in the libxml2 component that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619)\n\n - An XXE (Xml eXternal Entity) injection vulnerability exists in the libxml2 component due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via a specially crafted XML file, to disclose arbitrary files and user information. (CVE-2016-4449)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-19T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_4_2.NASL", "href": "https://www.tenable.com/plugins/nessus/92410", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92410);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\"\n );\n script_bugtraq_id(\n 90013,\n 90856,\n 90864,\n 90865,\n 90876\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-07-18-6\");\n\n script_name(english:\"Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.4.2. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist in the libxslt\n component due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2016-1684,\n CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,\n CVE-2016-4610, CVE-2016-4612)\n\n - Multiple memory corruption issues exist in the libxml2\n component that allow a remote attacker to cause a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,\n CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,\n CVE-2016-4616, CVE-2016-4619)\n\n - An XXE (Xml eXternal Entity) injection vulnerability\n exists in the libxml2 component due to an incorrectly\n configured XML parser accepting XML external entities\n from an untrusted source. A remote attacker can exploit\n this, via a specially crafted XML file, to disclose\n arbitrary files and user information. (CVE-2016-4449)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206901\");\n # https://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1925ec51\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.4.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.4.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (isnull(port)) port = 445;\n\n order = make_list('Version source', 'Installed version', 'Fixed version');\n report = make_array(\n order[0], path,\n order[1], version,\n order[2], fixed_version\n );\n report = report_items_str(report_items:report, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:40:14", "description": "The version of Safari installed on the remote host is prior or equal to 9.1.1, and is affected by multiple vulnerabilities. These vulnerabilities are contained within the Webkit subcomponent.", "cvss3": {}, "published": "2016-09-09T00:00:00", "type": "nessus", "title": "Safari < 9.1.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4583", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4589", "CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4651", "CVE-2016-4592", "CVE-2016-4584"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "9550.PRM", "href": "https://www.tenable.com/plugins/nnm/9550", "sourceData": "Binary data 9550.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-15T14:12:00", "description": "The version of Apple Safari installed on the remote Mac OS X host is prior to 9.1.2. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in remote code execution, in the following components :\n\n - WebKit\n - WebKit JavaScript Bindings\n - WebKit Page Loading", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-19T00:00:00", "type": "nessus", "title": "Mac OS X : Apple Safari < 9.1.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4583", "CVE-2016-4584", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4589", "CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4592", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4651"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI9_1_2.NASL", "href": "https://www.tenable.com/plugins/nessus/92358", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92358);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-4583\",\n \"CVE-2016-4584\",\n \"CVE-2016-4585\",\n \"CVE-2016-4586\",\n \"CVE-2016-4589\",\n \"CVE-2016-4590\",\n \"CVE-2016-4591\",\n \"CVE-2016-4592\",\n \"CVE-2016-4622\",\n \"CVE-2016-4623\",\n \"CVE-2016-4624\",\n \"CVE-2016-4651\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-07-18-5\");\n\n script_name(english:\"Mac OS X : Apple Safari < 9.1.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\nprior to 9.1.2. It is, therefore, affected by multiple\nvulnerabilities, the most serious of which can result in remote code\nexecution, in the following components :\n\n - WebKit\n - WebKit JavaScript Bindings\n - WebKit Page Loading\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206900\");\n # https://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?350c3f83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 9.1.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4591\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.(9|10|11)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9 / 10.10 / 10.11\");\n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"9.1.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_HOLE, extra:report, xss:TRUE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-02-17T15:25:39", "description": "The remote host is running a version of iOS 9.3.x prior to version 9.3.3, and the following components contain vulnerabilities :\n\n - CFNetwork\n - libxml2\n - WebKit\n - CoreGraphics\n - FaceTime\n - ImageIO\n - IOHIDFamily\n - Sandbox\n - Kernel\n - libxslt\n - Calender\n - IOAcceleratorFamily\n - Safari\n - Siri Contacts\n - Web Media", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-29T00:00:00", "type": "nessus", "title": "Apple iOS 9.3.x < 9.3.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7059", "CVE-2015-7060", "CVE-2015-7061", "CVE-2015-7109", "CVE-2016-1762", "CVE-2016-1863", "CVE-2016-4582", "CVE-2016-4586", "CVE-2016-4588", "CVE-2016-4589", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "9445.PRM", "href": "https://www.tenable.com/plugins/nnm/9445", "sourceData": "Binary data 9445.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-14T14:29:25", "description": "The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-004. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache_mod_php (affects 10.10.5 only)\n - CoreGraphics\n - ImageIO\n - libxml2\n - libxslt\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4637", "CVE-2016-4650", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2016-004.NASL", "href": "https://www.tenable.com/plugins/nessus/92497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92497);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2013-7456\",\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\",\n \"CVE-2016-4629\",\n \"CVE-2016-4630\",\n \"CVE-2016-4637\",\n \"CVE-2016-4650\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-5096\"\n );\n script_bugtraq_id(\n 90856,\n 90857,\n 90859,\n 90861,\n 90864,\n 90865,\n 90876,\n 90946,\n 91824,\n 91826,\n 91834,\n 92034\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-05-16-4\");\n\n script_name(english:\"Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)\");\n script_summary(english:\"Checks for the presence of Security Update 2016-004.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.9.5 or\n10.10.5 and is missing Security Update 2016-004. It is, therefore,\naffected by multiple vulnerabilities in the following components :\n\n - apache_mod_php (affects 10.10.5 only)\n - CoreGraphics\n - ImageIO\n - libxml2\n - libxslt\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206903\");\n # http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5da74f53\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2016-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = \"2016-004\";\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\"))\n audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.(10|9)\\.5([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.9.5 or 10.10.5\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:46:12", "description": "According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a 'type confusion' issue.(CVE-2015-7995)\n\n - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)\n\n - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4607)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4608)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4609)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.(CVE-2016-4610)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.(CVE-2019-18197)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-2627)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7995", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2019-18197"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxslt", "p-cpe:/a:huawei:euleros:libxslt-devel", "p-cpe:/a:huawei:euleros:libxslt-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2627.NASL", "href": "https://www.tenable.com/plugins/nessus/132162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132162);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-7995\",\n \"CVE-2016-1683\",\n \"CVE-2016-1684\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2019-18197\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-2627)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxslt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The xsltStylePreCompute function in preproc.c in\n libxslt 1.1.28 does not check if the parent node is an\n element, which allows attackers to cause a denial of\n service via a crafted XML file, related to a 'type\n confusion' issue.(CVE-2015-7995)\n\n - numbers.c in libxslt before 1.1.29, as used in Google\n Chrome before 51.0.2704.63, mishandles namespace nodes,\n which allows remote attackers to cause a denial of\n service (out-of-bounds heap memory access) or possibly\n have unspecified other impact via a crafted\n document.(CVE-2016-1683)\n\n - numbers.c in libxslt before 1.1.29, as used in Google\n Chrome before 51.0.2704.63, mishandles the i format\n token for xsl:number data, which allows remote\n attackers to cause a denial of service (integer\n overflow or resource consumption) or possibly have\n unspecified other impact via a crafted\n document.(CVE-2016-1684)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6,\n iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on\n Windows, tvOS before 9.2.2, and watchOS before 2.2.2\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via unknown vectors, a different vulnerability\n than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and\n CVE-2016-4612.(CVE-2016-4607)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6,\n iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on\n Windows, tvOS before 9.2.2, and watchOS before 2.2.2\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via unknown vectors, a different vulnerability\n than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and\n CVE-2016-4612.(CVE-2016-4608)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6,\n iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on\n Windows, tvOS before 9.2.2, and watchOS before 2.2.2\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via unknown vectors, a different vulnerability\n than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and\n CVE-2016-4612.(CVE-2016-4609)\n\n - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6,\n iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on\n Windows, tvOS before 9.2.2, and watchOS before 2.2.2\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via unknown vectors, a different vulnerability\n than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and\n CVE-2016-4612.(CVE-2016-4610)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a\n pointer variable isn't reset under certain\n circumstances. If the relevant memory area happened to\n be freed and reused in a certain way, a bounds check\n could fail and memory outside a buffer could be written\n to, or uninitialized data could be\n disclosed.(CVE-2019-18197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2627\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0feeac8d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxslt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxslt-1.1.28-5.h6\",\n \"libxslt-devel-1.1.28-5.h6\",\n \"libxslt-python-1.1.28-5.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:21:00", "description": "This update addresses the following vulnerabilities :\n\n - [CVE-2016-4622](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-4622), [CVE-2016-4624](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-4624), [CVE-2016-4591](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-4591), [CVE-2016-4590](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-4590)\n\nAdditional fixes :\n\n - Fix performance in accelerated compositing mode with the modesetting intel driver and DRI3 enabled.\n\n - Reduce the amount of file descriptors that the Web Process keeps open.\n\n - Fix Web Process deadlocks when loading HLS videos.\n\n - Make CSS and SVG animations run at 60fps.\n\n - Make meter elements accessible.\n\n - Improve accessibility name and description of elements to make it more compatible with W3C specs and fix several bugs in which the accessible name of objects was missing or broken.\n\n - Fix a crash when running windowed plugins under Wayland.\n\n - Fix a crash at process exit under Wayland.\n\n - Fix several crashes and rendering issues.\n\nTranslation updates :\n\n - German.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "Fedora 24 : webkitgtk4 (2016-4728dfe3ec)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4624"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-4728DFE3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/93139", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-4728dfe3ec.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93139);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4590\", \"CVE-2016-4591\", \"CVE-2016-4622\", \"CVE-2016-4624\");\n script_xref(name:\"FEDORA\", value:\"2016-4728dfe3ec\");\n\n script_name(english:\"Fedora 24 : webkitgtk4 (2016-4728dfe3ec)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n -\n [CVE-2016-4622](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2016-4622),\n [CVE-2016-4624](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2016-4624),\n [CVE-2016-4591](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2016-4591),\n [CVE-2016-4590](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2016-4590)\n\nAdditional fixes :\n\n - Fix performance in accelerated compositing mode with the\n modesetting intel driver and DRI3 enabled.\n\n - Reduce the amount of file descriptors that the Web\n Process keeps open.\n\n - Fix Web Process deadlocks when loading HLS videos.\n\n - Make CSS and SVG animations run at 60fps.\n\n - Make meter elements accessible.\n\n - Improve accessibility name and description of elements\n to make it more compatible with W3C specs and fix\n several bugs in which the accessible name of objects was\n missing or broken.\n\n - Fix a crash when running windowed plugins under Wayland.\n\n - Fix a crash at process exit under Wayland.\n\n - Fix several crashes and rendering issues.\n\nTranslation updates :\n\n - German.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-4728dfe3ec\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"webkitgtk4-2.12.4-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-07-02T16:52:22", "description": "This update addresses the following vulnerabilities :\n\n - [CVE-2016-4622](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-4622), [CVE-2016-4624](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-4624), [CVE-2016-4591](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-4591), [CVE-2016-4590](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-4590)\n\nAdditional fixes :\n\n - Fix performance in accelerated compositing mode with the modesetting intel driver and DRI3 enabled.\n\n - Reduce the amount of file descriptors that the Web Process keeps open.\n\n - Fix Web Process deadlocks when loading HLS videos.\n\n - Make CSS and SVG animations run at 60fps.\n\n - Make meter elements accessible.\n\n - Improve accessibility name and description of elements to make it more compatible with W3C specs and fix several bugs in which the accessible name of objects was missing or broken.\n\n - Fix a crash when running windowed plugins under Wayland.\n\n - Fix a crash at process exit under Wayland.\n\n - Fix several crashes and rendering issues.\n\nTranslation updates :\n\n - German.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "Fedora 23 : webkitgtk4 (2016-d957ffbac1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4624"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-D957FFBAC1.NASL", "href": "https://www.tenable.com/plugins/nessus/93264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-d957ffbac1.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93264);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4590\", \"CVE-2016-4591\", \"CVE-2016-4622\", \"CVE-2016-4624\");\n script_xref(name:\"FEDORA\", value:\"2016-d957ffbac1\");\n\n script_name(english:\"Fedora 23 : webkitgtk4 (2016-d957ffbac1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n -\n [CVE-2016-4622](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2016-4622),\n [CVE-2016-4624](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2016-4624),\n [CVE-2016-4591](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2016-4591),\n [CVE-2016-4590](https://cve.mitre.org/cgi-bin/cvename.cg\n i?name=CVE-2016-4590)\n\nAdditional fixes :\n\n - Fix performance in accelerated compositing mode with the\n modesetting intel driver and DRI3 enabled.\n\n - Reduce the amount of file descriptors that the Web\n Process keeps open.\n\n - Fix Web Process deadlocks when loading HLS videos.\n\n - Make CSS and SVG animations run at 60fps.\n\n - Make meter elements accessible.\n\n - Improve accessibility name and description of elements\n to make it more compatible with W3C specs and fix\n several bugs in which the accessible name of objects was\n missing or broken.\n\n - Fix a crash when running windowed plugins under Wayland.\n\n - Fix a crash at process exit under Wayland.\n\n - Fix several crashes and rendering issues.\n\nTranslation updates :\n\n - German.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-d957ffbac1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"webkitgtk4-2.12.4-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-02-19T14:45:03", "description": "The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.6, and the following components contain vulnerabilities :\n\n - ACMP4AACBaseDecoder\n - Audio\n - CFNetwork\n - CoreGraphics\n - DspFuncLib\n - FaceTime\n - Graphics\n - IOHIDFamily\n - IOSurface\n - ImageIO\n - Kernel\n - QuickTime\n - Safari\n - Sandbox\n - libxml2", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-29T00:00:00", "type": "nessus", "title": "Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9862", "CVE-2016-1863", "CVE-2016-1865", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4595", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4598", "CVE-2016-4599", "CVE-2016-4600", "CVE-2016-4601", "CVE-2016-4602", "CVE-2016-4605", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4625", "CVE-2016-4626", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4633", "CVE-2016-4634", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4638", "CVE-2016-4639", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4642", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4645", "CVE-2016-4646", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4649", "CVE-2016-4652", "CVE-2016-4653", "CVE-2016-4655", "CVE-2016-4656"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "9441.PRM", "href": "https://www.tenable.com/plugins/nnm/9441", "sourceData": "Binary data 9441.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:45:44", "description": "According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - This C library allows to transform XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 i1/4z= 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine.Security Fix(es):In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.(CVE-2019-18197)The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a 'type confusion' issue.(CVE-2015-7995)numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4607)libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4608)libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4609)libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.(CVE-2016-4610)** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683.\n Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2016-4612)In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.(CVE-2019-13117)In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.(CVE-2019-13118)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libxslt (EulerOS-SA-2019-2519)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7995", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2019-13117", "CVE-2019-13118", "CVE-2019-18197"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxslt", "p-cpe:/a:huawei:euleros:libxslt-devel", "p-cpe:/a:huawei:euleros:libxslt-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2519.NASL", "href": "https://www.tenable.com/plugins/nessus/131672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131672);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-7995\",\n \"CVE-2016-1683\",\n \"CVE-2016-1684\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2019-13117\",\n \"CVE-2019-13118\",\n \"CVE-2019-18197\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libxslt (EulerOS-SA-2019-2519)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxslt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - This C library allows to transform XML files into other\n XML files (or HTML, text, ...) using the standard XSLT\n stylesheet transformation mechanism. To use it you need\n to have a version of libxml2 i1/4z= 2.6.27 installed. The\n xsltproc command is a command line interface to the\n XSLT engine.Security Fix(es):In xsltCopyText in\n transform.c in libxslt 1.1.33, a pointer variable isn't\n reset under certain circumstances. If the relevant\n memory area happened to be freed and reused in a\n certain way, a bounds check could fail and memory\n outside a buffer could be written to, or uninitialized\n data could be disclosed.(CVE-2019-18197)The\n xsltStylePreCompute function in preproc.c in libxslt\n 1.1.28 does not check if the parent node is an element,\n which allows attackers to cause a denial of service via\n a crafted XML file, related to a 'type confusion'\n issue.(CVE-2015-7995)numbers.c in libxslt before\n 1.1.29, as used in Google Chrome before 51.0.2704.63,\n mishandles namespace nodes, which allows remote\n attackers to cause a denial of service (out-of-bounds\n heap memory access) or possibly have unspecified other\n impact via a crafted document.(CVE-2016-1683)numbers.c\n in libxslt before 1.1.29, as used in Google Chrome\n before 51.0.2704.63, mishandles the i format token for\n xsl:number data, which allows remote attackers to cause\n a denial of service (integer overflow or resource\n consumption) or possibly have unspecified other impact\n via a crafted document.(CVE-2016-1684)libxslt in Apple\n iOS before 9.3.3, OS X before 10.11.6, iTunes before\n 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS\n before 9.2.2, and watchOS before 2.2.2 allows remote\n attackers to cause a denial of service (memory\n corruption) or possibly have unspecified other impact\n via unknown vectors, a different vulnerability than\n CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and\n CVE-2016-4612.(CVE-2016-4607)libxslt in Apple iOS\n before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2\n on Windows, iCloud before 5.2.1 on Windows, tvOS before\n 9.2.2, and watchOS before 2.2.2 allows remote attackers\n to cause a denial of service (memory corruption) or\n possibly have unspecified other impact via unknown\n vectors, a different vulnerability than CVE-2016-4607,\n CVE-2016-4609, CVE-2016-4610, and\n CVE-2016-4612.(CVE-2016-4608)libxslt in Apple iOS\n before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2\n on Windows, iCloud before 5.2.1 on Windows, tvOS before\n 9.2.2, and watchOS before 2.2.2 allows remote attackers\n to cause a denial of service (memory corruption) or\n possibly have unspecified other impact via unknown\n vectors, a different vulnerability than CVE-2016-4607,\n CVE-2016-4608, CVE-2016-4610, and\n CVE-2016-4612.(CVE-2016-4609)libxslt in Apple iOS\n before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2\n on Windows, iCloud before 5.2.1 on Windows, tvOS before\n 9.2.2, and watchOS before 2.2.2 allows remote attackers\n to cause a denial of service (memory corruption) or\n possibly have unspecified other impact via unknown\n vectors, a different vulnerability than CVE-2016-4607,\n CVE-2016-4608, CVE-2016-4609, and\n CVE-2016-4612.(CVE-2016-4610)** REJECT ** DO NOT USE\n THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683.\n Reason: This candidate is a reservation duplicate of\n CVE-2016-1683. Notes: All CVE users should reference\n CVE-2016-1683 instead of this candidate. All references\n and descriptions in this candidate have been removed to\n prevent accidental usage.(CVE-2016-4612)In numbers.c in\n libxslt 1.1.33, an xsl:number with certain format\n strings could lead to a uninitialized read in\n xsltNumberFormatInsertNumbers. This could allow an\n attacker to discern whether a byte on the stack\n contains the characters A, a, I, i, or 0, or any other\n character.(CVE-2019-13117)In numbers.c in libxslt\n 1.1.33, a type holding grouping characters of an\n xsl:number instruction was too narrow and an invalid\n character/length combination could be passed to\n xsltNumberFormatDecimal, leading to a read of\n uninitialized stack data.(CVE-2019-13118)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2519\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f8d3fde\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxslt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxslt-1.1.28-5.h6\",\n \"libxslt-devel-1.1.28-5.h6\",\n \"libxslt-python-1.1.28-5.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T16:54:28", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-15T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : webkit2gtk vulnerabilities (USN-3079-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1854", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1858", "CVE-2016-1859", "CVE-2016-4583", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4588", "CVE-2016-4589", "CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4651"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3079-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93511", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3079-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93511);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-1854\", \"CVE-2016-1856\", \"CVE-2016-1857\", \"CVE-2016-1858\", \"CVE-2016-1859\", \"CVE-2016-4583\", \"CVE-2016-4585\", \"CVE-2016-4586\", \"CVE-2016-4588\", \"CVE-2016-4589\", \"CVE-2016-4590\", \"CVE-2016-4591\", \"CVE-2016-4622\", \"CVE-2016-4623\", \"CVE-2016-4624\", \"CVE-2016-4651\");\n script_xref(name:\"USN\", value:\"3079-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : webkit2gtk vulnerabilities (USN-3079-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3079-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.12.5-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.12.5-0ubuntu0.16.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-25T14:39:38", "description": "Update to 1.1.33\n\nFix CVE-2016-1841, CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, CVE-2016-4609, CVE-2019-11068, CVE-2016-1684, CVE-2016-1683, CVE-2016-4738.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-19T00:00:00", "type": "nessus", "title": "Fedora 30 : mingw-libxslt (2019-320d5295fc)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1841", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4738", "CVE-2019-11068"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libxslt", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-320D5295FC.NASL", "href": "https://www.tenable.com/plugins/nessus/126015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-320d5295fc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126015);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2016-1841\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4609\", \"CVE-2016-4610\", \"CVE-2016-4738\", \"CVE-2019-11068\");\n script_xref(name:\"FEDORA\", value:\"2019-320d5295fc\");\n\n script_name(english:\"Fedora 30 : mingw-libxslt (2019-320d5295fc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 1.1.33\n\nFix CVE-2016-1841, CVE-2016-4607, CVE-2016-4608, CVE-2016-4610,\nCVE-2016-4609, CVE-2019-11068, CVE-2016-1684, CVE-2016-1683,\nCVE-2016-4738.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-320d5295fc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected mingw-libxslt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4738\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"mingw-libxslt-1.1.33-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libxslt\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:40:13", "description": "The specific version of Mac OS X that the system is running is reportedly affected by the following vulnerabilities:\n\n- Apple Mac OS X contains an unspecified NULL pointer dereference flaw in Audio, which may allow a local attacker to cause a denial of service for the system. (CVE-2016-4649)\n\n- Apple Mac OS X contains a use-after-free flaw in DspFuncLib that is triggered as user-supplied input is not properly validated when handling function IDs. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code in the context of the kernel. (CVE-2016-4647)\n\n- Apple Mac OS X contains a use-after-free error in the DspFuncLib extension. The issue is triggered when handling error conditions. With a specially crafted file, a local attacker can dereference already freed memory and potentially execute arbitrary code with root privileges. (CVE-2016-4648)\n\n- Apple Mac OS X contains an out-of-bounds read flaw in ACMP4AACBaseDecoder that is triggered during the handling of a specially crafted MOV file. This may allow a context-dependent attacker to disclose user information. (CVE-2016-4646)\n\n- Apple Mac OS X contains an integer overflow in bspatch related to bsdiff that is triggered as bounds are not properly checked. This may allow a local attacker to potentially gain elevated privileges. (CVE-2014-9862)\n\n- Apple Mac OS X contains a permission flaw in CFNetwork that is triggered during the handling of web browser cookies. This may allow a local attacker to view sensitive user information. (CVE-2016-4645)\n\n- Apple Mac OS X contains an out-of-bounds read flaw in CoreGraphics that is triggered as input is not properly validated. This may allow a local attacker to disclose kernel memory. (CVE-2016-4652)\n\n- Multiple Apple products contain a flaw in CoreGraphics. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4637)\n\n- Multiple Apple products contain a flaw in FaceTime that is triggered as user interface inconsistencies occur when handling relayed calls. This may allow a man-in-the-middle attacker to cause a relayed call to continue to transmit audio while the call appears to be terminated. (CVE-2016-4635)\n\n- Apple Mac OS X contains a flaw in Graphics drivers. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4634)\n\n- Apple Mac OS X contains a flaw in ImageIO. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4629)\n\n- Apple Mac OS X contains a flaw in ImageIO. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4630)\n\n- Multiple Apple products contain an unspecified flaw in ImageIO that is triggered as memory is not properly handled. This may allow a remote attacker to cause a consumption of available memory resources. (CVE-2016-4632)\n\n- Multiple Apple products contain multiple flaws in ImageIO. The issues are triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4631)\n\n- Apple Mac OS X contains multiple flaws in the Intel Graphics driver. The issues are triggered as user-supplied input is not properly validated when handling memory. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4633)\n\n- Multiple Apple products contain an unspecified NULL pointer dereference flaw in IOHIDFamily that is triggered as input is not properly validated. This may allow a local attacker to gain elevated, kernel privileges. (CVE-2016-4626)\n\n- Apple Mac OS X contains a use-after-free error in IOSurface that is triggered as memory is not properly managed, which may allow a local attacker to dereference already freed memory and gain elevated, kernel privileges. (CVE-2016-4625)\n\n- Multiple Apple products contain a flaw in Sandbox Profiles that is triggered as restrictions are not properly enforced on privileged API calls. This may allow a local attacker to access the process list. (CVE-2016-4594)\n\n- Multiple Apple products contain a flaw in the Kernel that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1863)\n\n- Multiple Apple products contain a flaw in the Kernel that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-4582)\n\n- Multiple Apple products contain an unspecified NULL pointer dereference flaw in Kernel that is triggered as input is not properly validated. This may allow a local attacker to cause a denial of service for the system. (CVE-2016-1865)\n\n- Apple Mac OS X contains multiple flaws in libc++abi. The issues are triggered as user-supplied input is not properly validated when handling memory. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with root privileges. (CVE-2016-4621)\n\n- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4614)\n\n- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4615)\n\n- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4616)\n\n- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4619)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4607)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4608)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4609)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4610)\n\n- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4612)\n\n- Apple Mac OS X contains an unspecified type confusion flaw in the Login Window, which may allow a local attacker to gain elevated, root privileges. (CVE-2016-4638)\n\n- Apple Mac OS X contains an overflow condition that is triggered as user-supplied input is not properly validated when interacting with _XRegisterCursorWithData. This may allow a local attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-4640)\n\n- Apple Mac OS X contains a type confusion flaw that is triggered by certain _XSetDictionaryForCurrentSession interactions, which may allow a local attacker to gain elevated privileges. (CVE-2016-4641)\n\n- Apple Mac OS X contains an unspecified memory initialization flaw in the Login Window, which may allow a local attacker to cause a denial of service. (CVE-2016-4639)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted SGI file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4601)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted Photoshop Document (PSD). This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4599)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4596)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4597)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4600)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4602)\n\n- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted image file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4598)\n\n- Apple Mac OS X contains a flaw in the Safari Login AutoFill feature that can cause the user's password to be displayed unobfuscated on the screen. This may allow a physically present attacker to potentially gain knowledge of a user's password. (CVE-2016-4595)\n\n- Multiple Apple products contain a flaw in IOPMrootDomain in the kernel that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute code with elevated privileges. (CVE-2016-4653)\n\n- Multiple Apple Products contain a flaw in CFNetwork Proxies that is due to the transfer of password information in cleartext. This may allow a man-in-the-middle attacker to gain access to password information. (CVE-2016-4642)\n\n- Multiple Apple Products contain a flaw in CFNetowrk Proxies that is triggered when parsing 407 responses. This may allow a man-in-the-middle attacker to disclose sensitive user information. (CVE-2016-4643)\n\n- Multiple Apple products contain a downgrade flaw in CFNetwork Proxies that is triggered when saving HTTP authentication credentials in the Keychain. This may allow a man-in-the-middle attacker to disclose sensitive user information. (CVE-2016-4644)\n", "cvss3": {}, "published": "2016-09-08T00:00:00", "type": "nessus", "title": "Mac OS X < 10.11.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4631", "CVE-2016-4643", "CVE-2016-4644", "CVE-2016-4642", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4637", "CVE-2016-4632", "CVE-2016-4626", "CVE-2016-1863", "CVE-2016-4582", "CVE-2016-4653", "CVE-2016-1865", "CVE-2016-4594", "CVE-2016-4649", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4646", "CVE-2014-9862", "CVE-2016-4645", "CVE-2016-4652", "CVE-2016-4635", "CVE-2016-4634", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4633", "CVE-2016-4625", "CVE-2016-4621", "CVE-2016-4638", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4639", "CVE-2016-4601", "CVE-2016-4599", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4600", "CVE-2016-4602", "CVE-2016-4598", "CVE-2016-4595", "CVE-2016-4619", "CVE-2016-4612"], "modified": "2016-09-08T00:00:00", "cpe": [], "id": "802026.PRM", "href": "https://www.tenable.com/plugins/lce/802026", "sourceData": "Binary data 802026.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:51:59", "description": "New libxml2 packages are available for Slackware 14.0, 14.1, and\n-current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-31T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : libxml2 (SSA:2016-148-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:libxml2", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2016-148-01.NASL", "href": "https://www.tenable.com/plugins/nessus/91353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-148-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91353);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_xref(name:\"SSA\", value:\"2016-148-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : libxml2 (SSA:2016-148-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libxml2 packages are available for Slackware 14.0, 14.1, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e3974a0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"libxml2\", pkgver:\"2.9.4\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"libxml2\", pkgver:\"2.9.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"libxml2\", pkgver:\"2.9.4\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"libxml2\", pkgver:\"2.9.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libxml2\", pkgver:\"2.9.4\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"libxml2\", pkgver:\"2.9.4\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-17T14:22:31", "description": "The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache_mod_php\n - Audio\n - bsdiff\n - CFNetwork\n - CoreGraphics\n - FaceTime\n - Graphics Drivers\n - ImageIO\n - Intel Graphics Driver\n - IOHIDFamily\n - IOKit\n - IOSurface\n - Kernel\n - libc++abi\n - libexpat\n - LibreSSL\n - libxml2\n - libxslt\n - Login Window\n - OpenSSL\n - QuickTime\n - Safari Login AutoFill\n - Sandbox Profiles\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7456", "CVE-2014-9862", "CVE-2016-0718", "CVE-2016-1684", "CVE-2016-1836", "CVE-2016-1863", "CVE-2016-1864", "CVE-2016-1865", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-4582", "CVE-2016-4594", "CVE-2016-4595", "CVE-2016-4596", "CVE-2016-4597", "CVE-2016-4598", "CVE-2016-4599", "CVE-2016-4600", "CVE-2016-4601", "CVE-2016-4602", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612", "CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619", "CVE-2016-4621", "CVE-2016-4625", "CVE-2016-4626", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4631", "CVE-2016-4632", "CVE-2016-4633", "CVE-2016-4634", "CVE-2016-4635", "CVE-2016-4637", "CVE-2016-4638", "CVE-2016-4639", "CVE-2016-4640", "CVE-2016-4641", "CVE-2016-4645", "CVE-2016-4646", "CVE-2016-4647", "CVE-2016-4648", "CVE-2016-4649", "CVE-2016-4650", "CVE-2016-4652", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_11_6.NASL", "href": "https://www.tenable.com/plugins/nessus/92496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92496);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2013-7456\",\n \"CVE-2014-9862\",\n \"CVE-2016-0718\",\n \"CVE-2016-1684\",\n \"CVE-2016-1836\",\n \"CVE-2016-1863\",\n \"CVE-2016-1864\",\n \"CVE-2016-1865\",\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2108\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-4582\",\n \"CVE-2016-4594\",\n \"CVE-2016-4595\",\n \"CVE-2016-4596\",\n \"CVE-2016-4597\",\n \"CVE-2016-4598\",\n \"CVE-2016-4599\",\n \"CVE-2016-4600\",\n \"CVE-2016-4601\",\n \"CVE-2016-4602\",\n \"CVE-2016-4607\",\n \"CVE-2016-4608\",\n \"CVE-2016-4609\",\n \"CVE-2016-4610\",\n \"CVE-2016-4612\",\n \"CVE-2016-4614\",\n \"CVE-2016-4615\",\n \"CVE-2016-4616\",\n \"CVE-2016-4619\",\n \"CVE-2016-4621\",\n \"CVE-2016-4625\",\n \"CVE-2016-4626\",\n \"CVE-2016-4629\",\n \"CVE-2016-4630\",\n \"CVE-2016-4631\",\n \"CVE-2016-4632\",\n \"CVE-2016-4633\",\n \"CVE-2016-4634\",\n \"CVE-2016-4635\",\n \"CVE-2016-4637\",\n \"CVE-2016-4638\",\n \"CVE-2016-4639\",\n \"CVE-2016-4640\",\n \"CVE-2016-4641\",\n \"CVE-2016-4645\",\n \"CVE-2016-4646\",\n \"CVE-2016-4647\",\n \"CVE-2016-4648\",\n \"CVE-2016-4649\",\n \"CVE-2016-4650\",\n \"CVE-2016-4652\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-5096\"\n );\n script_bugtraq_id(\n 90856,\n 90857,\n 90859,\n 90861,\n 90864,\n 90865,\n 90876,\n 90946,\n 91824,\n 91826,\n 91828,\n 91829,\n 91834,\n 92034\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-07-18-1\");\n\n script_name(english:\"Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X security update that fixes\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.11.x prior\nto 10.11.6. It is, therefore, affected by multiple vulnerabilities in\nthe following components :\n\n - apache_mod_php\n - Audio\n - bsdiff\n - CFNetwork\n - CoreGraphics\n - FaceTime\n - Graphics Drivers\n - ImageIO\n - Intel Graphics Driver\n - IOHIDFamily\n - IOKit\n - IOSurface\n - Kernel\n - libc++abi\n - libexpat\n - LibreSSL\n - libxml2\n - libxslt\n - Login Window\n - OpenSSL\n - QuickTime\n - Safari Login AutoFill\n - Sandbox Profiles\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/en-us/HT206903\");\n # http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5da74f53\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.11.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4629\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]{1,2})+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.11([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.11\", \"Mac OS X \"+version);\n\nfixed_version = \"10.11.6\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse exit(0, \"The host is not affected as it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:39:31", "description": "Google reports :\n\n- [583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt.\nCredit to Nicolas Gregoire.\n\n- [583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-06-21T00:00:00", "type": "nessus", "title": "FreeBSD : libxslt -- Denial of Service (1a2aa04f-3718-11e6-b3c8-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1683", "CVE-2016-1684"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libxslt", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1A2AA04F371811E6B3C814DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/91720", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91720);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1683\", \"CVE-2016-1684\");\n\n script_name(english:\"FreeBSD : libxslt -- Denial of Service (1a2aa04f-3718-11e6-b3c8-14dae9d210b8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google reports :\n\n- [583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt.\nCredit to Nicolas Gregoire.\n\n- [583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit\nto Nicolas Gregoire.\"\n );\n # http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4d6f0fa\"\n );\n # https://vuxml.freebsd.org/freebsd/1a2aa04f-3718-11e6-b3c8-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5547314a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxslt<1.1.29\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:14:49", "description": "CVE-2016-4447 The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.\n\nCVE-2016-4449 XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : libxml2 vulnerabilities (K24322529)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4447", "CVE-2016-4449"], "modified": "2020-03-09T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL24322529.NASL", "href": "https://www.tenable.com/plugins/nessus/95940", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K24322529.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95940);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2016-4447\", \"CVE-2016-4449\");\n\n script_name(english:\"F5 Networks BIG-IP : libxml2 vulnerabilities (K24322529)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-4447 The xmlParseElementDecl function in parser.c in libxml2\nbefore 2.9.4 allows context-dependent attackers to cause a denial of\nservice (heap-based buffer underread and application crash) via a\ncrafted file, involving xmlParseName.\n\nCVE-2016-4449 XML external entity (XXE) vulnerability in the\nxmlStringLenDecodeEntities function in parser.c in libxml2 before\n2.9.4, when not in validating mode, allows context-dependent attackers\nto read arbitrary files or cause a denial of service (resource\nconsumption) via unspecified vectors.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K24322529\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K24322529.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K24322529\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T16:39:13", "description": "Several vulnerabilities were found in libxslt.\n\nCVE-2015-7995\n\nA missing type check could cause an application crash via a especially crafted file.\n\nCVE-2016-1683\n\nAn out of bounds heap access bug was found in libxslt.\n\nCVE-2016-1684\n\nThere was an integer overflow bug in libxslt that could lead to an application crash.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.1.26-14.1+deb7u1.\n\nWe recommend that you upgrade your libxslt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-06-14T00:00:00", "type": "nessus", "title": "Debian DLA-514-1 : libxslt security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7995", "CVE-2016-1683", "CVE-2016-1684"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxslt1-dbg", "p-cpe:/a:debian:debian_linux:libxslt1-dev", "p-cpe:/a:debian:debian_linux:libxslt1.1", "p-cpe:/a:debian:debian_linux:python-libxslt1", "p-cpe:/a:debian:debian_linux:python-libxslt1-dbg", "p-cpe:/a:debian:debian_linux:xsltproc", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-514.NASL", "href": "https://www.tenable.com/plugins/nessus/91578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-514-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91578);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7995\", \"CVE-2016-1683\", \"CVE-2016-1684\");\n\n script_name(english:\"Debian DLA-514-1 : libxslt security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in libxslt.\n\nCVE-2015-7995\n\nA missing type check could cause an application crash via a especially\ncrafted file.\n\nCVE-2016-1683\n\nAn out of bounds heap access bug was found in libxslt.\n\nCVE-2016-1684\n\nThere was an integer overflow bug in libxslt that could lead to an\napplication crash.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.1.26-14.1+deb7u1.\n\nWe recommend that you upgrade your libxslt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/06/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libxslt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxslt1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxslt1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xsltproc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxslt1-dbg\", reference:\"1.1.26-14.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxslt1-dev\", reference:\"1.1.26-14.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxslt1.1\", reference:\"1.1.26-14.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxslt1\", reference:\"1.1.26-14.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxslt1-dbg\", reference:\"1.1.26-14.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xsltproc\", reference:\"1.1.26-14.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T16:39:46", "description": "Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service (application crash) against an application using the libxslt library.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-06-20T00:00:00", "type": "nessus", "title": "Debian DSA-3605-1 : libxslt - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7995", "CVE-2016-1683", "CVE-2016-1684"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxslt", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3605.NASL", "href": "https://www.tenable.com/plugins/nessus/91693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3605. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91693);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7995\", \"CVE-2016-1683\", \"CVE-2016-1684\");\n script_xref(name:\"DSA\", value:\"3605\");\n\n script_name(english:\"Debian DSA-3605-1 : libxslt - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libxslt, an XSLT processing\nruntime library, which could lead to information disclosure or\ndenial-of-service (application crash) against an application using the\nlibxslt library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libxslt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3605\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxslt packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.1.28-2+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxslt1-dbg\", reference:\"1.1.28-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxslt1-dev\", reference:\"1.1.28-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxslt1.1\", reference:\"1.1.28-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxslt1\", reference:\"1.1.28-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxslt1-dbg\", reference:\"1.1.28-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xsltproc\", reference:\"1.1.28-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:31:44", "description": "According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a 'type confusion' issue.(CVE-2015-7995)\n\n - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)\n\n - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : libxslt (EulerOS-SA-2019-2212)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7995", "CVE-2016-1683", "CVE-2016-1684"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxslt", "p-cpe:/a:huawei:euleros:libxslt-devel", "p-cpe:/a:huawei:euleros:libxslt-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2212.NASL", "href": "https://www.tenable.com/plugins/nessus/130674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130674);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-7995\",\n \"CVE-2016-1683\",\n \"CVE-2016-1684\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libxslt (EulerOS-SA-2019-2212)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxslt packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The xsltStylePreCompute function in preproc.c in\n libxslt 1.1.28 does not check if the parent node is an\n element, which allows attackers to cause a denial of\n service via a crafted XML file, related to a 'type\n confusion' issue.(CVE-2015-7995)\n\n - numbers.c in libxslt before 1.1.29, as used in Google\n Chrome before 51.0.2704.63, mishandles namespace nodes,\n which allows remote attackers to cause a denial of\n service (out-of-bounds heap memory access) or possibly\n have unspecified other impact via a crafted\n document.(CVE-2016-1683)\n\n - numbers.c in libxslt before 1.1.29, as used in Google\n Chrome before 51.0.2704.63, mishandles the i format\n token for xsl:number data, which allows remote\n attackers to cause a denial of service (integer\n overflow or resource consumption) or possibly have\n unspecified other impact via a crafted\n document.(CVE-2016-1684)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2212\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e84c8608\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxslt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxslt-1.1.28-5.h5.eulerosv2r7\",\n \"libxslt-devel-1.1.28-5.h5.eulerosv2r7\",\n \"libxslt-python-1.1.28-5.h5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:20:51", "description": "Several vulnerabilities were found in libxslt the XSLT 1.0 processing library.\n\nCVE-2016-4610\n\nInvalid memory access leading to DoS at exsltDynMapFunction. libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.\n\nCVE-2016-4609\n\nOut-of-bounds read at xmlGetLineNoInternal() libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.\n\nCVE-2019-13117\n\nAn xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.\n\nCVE-2019-13118\n\nA type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.1.28-2+deb8u5.\n\nWe recommend that you upgrade your libxslt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Debian DLA-1860-1 : libxslt security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4609", "CVE-2016-4610", "CVE-2019-13117", "CVE-2019-13118"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxslt1-dbg", "p-cpe:/a:debian:debian_linux:libxslt1-dev", "p-cpe:/a:debian:debian_linux:libxslt1.1", "p-cpe:/a:debian:debian_linux:python-libxslt1", "p-cpe:/a:debian:debian_linux:python-libxslt1-dbg", "p-cpe:/a:debian:debian_linux:xsltproc", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1860.NASL", "href": "https://www.tenable.com/plugins/nessus/126926", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1860-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126926);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4609\", \"CVE-2016-4610\", \"CVE-2019-13117\", \"CVE-2019-13118\");\n\n script_name(english:\"Debian DLA-1860-1 : libxslt security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in libxslt the XSLT 1.0 processing\nlibrary.\n\nCVE-2016-4610\n\nInvalid memory access leading to DoS at exsltDynMapFunction. libxslt\nallows remote attackers to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact via unknown\nvectors.\n\nCVE-2016-4609\n\nOut-of-bounds read at xmlGetLineNoInternal() libxslt allows remote\nattackers to cause a denial of service (memory corruption) or possibly\nhave unspecified other impact via unknown vectors.\n\nCVE-2019-13117\n\nAn xsl:number with certain format strings could lead to an\nuninitialized read in xsltNumberFormatInsertNumbers. This could allow\nan attacker to discern whether a byte on the stack contains the\ncharacters A, a, I, i, or 0, or any other character.\n\nCVE-2019-13118\n\nA type holding grouping characters of an xsl:number instruction was\ntoo narrow and an invalid character/length combination could be passed\nto xsltNumberFormatDecimal, leading to a read of uninitialized stack\ndata.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.1.28-2+deb8u5.\n\nWe recommend that you upgrade your libxslt packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libxslt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxslt1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxslt1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxslt1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xsltproc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxslt1-dbg\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxslt1-dev\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxslt1.1\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxslt1\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxslt1-dbg\", reference:\"1.1.28-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xsltproc\", reference:\"1.1.28-2+deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-24T14:17:29", "description": "According to the versions of the libxslt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)\n\n - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)\n\n - A type confusion vulnerability was discovered in the xsltStylePreCompute() function of libxslt. A remote attacker could possibly exploit this flaw to cause an application using libxslt to crash by tricking the application into processing a specially crafted XSLT document.(CVE-2015-7995)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.(CVE-2019-18197)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2020-1215)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7995", "CVE-2016-1683", "CVE-2016-1684", "CVE-2019-18197"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxslt", "p-cpe:/a:huawei:euleros:libxslt-python", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1215.NASL", "href": "https://www.tenable.com/plugins/nessus/134504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134504);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-7995\",\n \"CVE-2016-1683\",\n \"CVE-2016-1684\",\n \"CVE-2019-18197\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2020-1215)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxslt packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - numbers.c in libxslt before 1.1.29, as used in Google\n Chrome before 51.0.2704.63, mishandles the i format\n token for xsl:number data, which allows remote\n attackers to cause a denial of service (integer\n overflow or resource consumption) or possibly have\n unspecified other impact via a crafted\n document.(CVE-2016-1684)\n\n - numbers.c in libxslt before 1.1.29, as used in Google\n Chrome before 51.0.2704.63, mishandles namespace nodes,\n which allows remote attackers to cause a denial of\n service (out-of-bounds heap memory access) or possibly\n have unspecified other impact via a crafted\n document.(CVE-2016-1683)\n\n - A type confusion vulnerability was discovered in the\n xsltStylePreCompute() function of libxslt. A remote\n attacker could possibly exploit this flaw to cause an\n application using libxslt to crash by tricking the\n application into processing a specially crafted XSLT\n document.(CVE-2015-7995)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a\n pointer variable isn't reset under certain\n circumstances. If the relevant memory area happened to\n be freed and reused in a certain way, a bounds check\n could fail and memory outside a buffer could be written\n to, or uninitialized data could be\n disclosed.(CVE-2019-18197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1215\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?67c0c3ea\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxslt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxslt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxslt-1.1.28-5.h6\",\n \"libxslt-python-1.1.28-5.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxslt\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T14:40:23", "description": "According to its self-reported version number, the remote Juniper Junos device is affected by a Multiple vulnerabilities in libxml2:\n\n- Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.(CVE-2016-4448) \n- The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. (CVE-2016-3627)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-11T00:00:00", "type": "nessus", "title": "Junos OS: Multiple vulnerabilities in libxml2 (JSA10916)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2017-18258", "CVE-2017-7375", "CVE-2018-9251"], "modified": "2021-02-09T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10916.NASL", "href": "https://www.tenable.com/plugins/nessus/121070", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121070);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2016-3627\",\n \"CVE-2016-3705\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2017-7375\",\n \"CVE-2017-18258\",\n \"CVE-2018-9251\"\n );\n script_xref(name:\"JSA\", value:\"JSA10916\");\n\n script_name(english:\"Junos OS: Multiple vulnerabilities in libxml2 (JSA10916)\");\n script_summary(english:\"Checks the Junos version and build date.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Juniper\nJunos device is affected by a Multiple vulnerabilities in libxml2:\n\n- Format string vulnerability in libxml2 before 2.9.4 allows \n attackers to have unspecified impact via format string \n specifiers in unknown vectors.(CVE-2016-4448)\n \n- The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and \n earlier, when used in recovery mode, allows context-dependent \n attackers to cause a denial of service (infinite recursion, stack \n consumption, and application crash) via a crafted XML document. \n (CVE-2016-3627)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release referenced in Juniper\nadvisory JSA10916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\", \"Host/Juniper/model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nmodel = get_kb_item_or_exit('Host/Juniper/model');\n\nfixes = make_array();\n\nfixes['12.3R'] = '12.3R12-S10';\n\nif (model =~ '^SRX')\n{\n fixes['12.1X46'] = '12.1X46-D81';\n fixes['12.3X48'] = '12.3X48-D75';\n fixes['15.1X49'] = '15.1X49-D150';\n}\nif (model =~ '^NFX')\n{\n fixes['15.1X53'] = '15.1X53-D495';\n}\nif (model =~ '^QFX5')\n{\n fixes['15.1X53'] = '15.1X53-D234';\n}\nif (model =~ '^QFX10000')\n{\n fixes['15.1X53'] = '15.1X53-D68';\n}\nif (model =~ '^EX')\n{\n fixes['15.1X53'] = '15.1X53-D590';\n}\nif (model =~ '^EX' || model =~ '^QFX')\n{\n fixes['14.1X53'] = '15.1X53-D590';\n}\nfixes['15.1'] = '15.1R4-S9';\nfixes['15.1F'] = '15.1F6-S11';\nfixes['16.1'] = '16.1R4-S11';\nfixes['16.2'] = '16.2R2-S7';\nfixes['17.1'] = '17.1R2-S9';\nfixes['17.2'] = '17.2R1-S7';\nfixes['17.3'] = '17.3R2-S4';\nfixes['17.4'] = '17.4R2';\nfixes['18.1'] = '18.1R2-S2';\nfixes['18.2'] = '18.2R1-S1';\nfixes['18.2X75'] = '18.2X75-D20';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\nif (report_verbosity > 0)\n{\n report = get_report(ver:ver, fix:fix);\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:00", "description": "A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions. Impact : Due to very limited use of the function in the existing applications, and limited length of the overflow, exploitation of the vulnerability does not seem feasible.\nNone of the utilities and daemons in the base system are known to be vulnerable. However, careful review of third party software that may use the function was not performed.", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "FreeBSD : FreeBSD -- link_ntoa(3) buffer overflow (0282269d-bbee-11e6-b1cf-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6559"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:FreeBSD", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0282269DBBEE11E6B1CF14DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/95585", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95585);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6559\");\n script_xref(name:\"FreeBSD\", value:\"SA-16:37.libc\");\n\n script_name(english:\"FreeBSD : FreeBSD -- link_ntoa(3) buffer overflow (0282269d-bbee-11e6-b1cf-14dae9d210b8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A specially crafted argument can trigger a static buffer overflow in\nthe library, with possibility to rewrite following static buffers that\nbelong to other library functions. Impact : Due to very limited use of\nthe function in the existing applications, and limited length of the\noverflow, exploitation of the vulnerability does not seem feasible.\nNone of the utilities and daemons in the base system are known to be\nvulnerable. However, careful review of third party software that may\nuse the function was not performed.\"\n );\n # https://vuxml.freebsd.org/freebsd/0282269d-bbee-11e6-b1cf-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98fb1d8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=11.0<11.0_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.3<10.3_14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.2<10.2_27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=10.1<10.1_44\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=9.3<9.3_52\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T14:53:00", "description": "From Red Hat Security Advisory 2016:1292 :\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : libxml2 (ELSA-2016-1292)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libxml2", "p-cpe:/a:oracle:linux:libxml2-devel", "p-cpe:/a:oracle:linux:libxml2-python", "p-cpe:/a:oracle:linux:libxml2-static", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-1292.NASL", "href": "https://www.tenable.com/plugins/nessus/91797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:1292 and \n# Oracle Linux Security Advisory ELSA-2016-1292 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91797);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_xref(name:\"RHSA\", value:\"2016:1292\");\n\n script_name(english:\"Oracle Linux 6 / 7 : libxml2 (ELSA-2016-1292)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:1292 :\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages\ninto the Red Hat Enterprise Linux 6 Desktop channels. The packages\nincluded in this revised update have not been changed in any way from\nthe packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when\nprocessed by an application using libxml2, could cause that\napplication to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,\nCVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,\nCVE-2016-4449)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-June/006135.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-June/006139.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-2.7.6-21.0.1.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-devel-2.7.6-21.0.1.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-python-2.7.6-21.0.1.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-static-2.7.6-21.0.1.el6_8.1\", el_string:\"el6_8\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-6.0.1.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-6.0.1.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.0.1.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-6.0.1.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python / libxml2-static\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:53:01", "description": "Security Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libxml2 on SL6.x, SL7.x i386/x86_64 (20160623)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libxml2", "p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libxml2-devel", "p-cpe:/a:fermilab:scientific_linux:libxml2-python", "p-cpe:/a:fermilab:scientific_linux:libxml2-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160623_LIBXML2_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91808);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL6.x, SL7.x i386/x86_64 (20160623)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when\nprocessed by an application using libxml2, could cause that\napplication to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,\nCVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,\nCVE-2016-4449)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=6600\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f06629c4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-debuginfo-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-devel-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-python-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-static-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:53:34", "description": "An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : libxml2 (CESA-2016:1292)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libxml2", "p-cpe:/a:centos:centos:libxml2-devel", "p-cpe:/a:centos:centos:libxml2-python", "p-cpe:/a:centos:centos:libxml2-static", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-1292.NASL", "href": "https://www.tenable.com/plugins/nessus/91786", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1292 and \n# CentOS Errata and Security Advisory 2016:1292 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91786);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_xref(name:\"RHSA\", value:\"2016:1292\");\n\n script_name(english:\"CentOS 6 / 7 : libxml2 (CESA-2016:1292)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libxml2 is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages\ninto the Red Hat Enterprise Linux 6 Desktop channels. The packages\nincluded in this revised update have not been changed in any way from\nthe packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when\nprocessed by an application using libxml2, could cause that\napplication to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,\nCVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,\nCVE-2016-4449)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-June/021917.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?363b0705\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-June/021929.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af9d923d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"libxml2-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libxml2-devel-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libxml2-python-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libxml2-static-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python / libxml2-static\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:53:11", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Update doc/redhat.gif in tarball\n\n - Add libxml2-oracle-enterprise.patch and update logos in tarball\n\n - Heap-based buffer overread in xmlNextChar (CVE-2016-1762)\n\n - Bug 763071: Heap-buffer-overflow in xmlStrncat (CVE-2016-1834)\n\n - Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840)\n\n - Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal (CVE-2016-1838)\n\n - Bug 758605: Heap-based buffer overread in xmlDictAddString (CVE-2016-1839)\n\n - Bug 759398: Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836)\n\n - Fix inappropriate fetch of entities content (CVE-2016-4449)\n\n - Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837)\n\n - Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)\n\n - Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)\n\n - Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)\n\n - Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705)\n\n - Avoid building recursive entities (CVE-2016-3627)\n\n - Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)\n\n - More format string warnings with possible format string vulnerability (CVE-2016-4448)\n\n - Fix large parse of file from memory (rhbz#862969)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : libxml2 (OVMSA-2016-0087)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:libxml2", "p-cpe:/a:oracle:vm:libxml2-python", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0087.NASL", "href": "https://www.tenable.com/plugins/nessus/91800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0087.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91800);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : libxml2 (OVMSA-2016-0087)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Update doc/redhat.gif in tarball\n\n - Add libxml2-oracle-enterprise.patch and update logos in\n tarball\n\n - Heap-based buffer overread in xmlNextChar\n (CVE-2016-1762)\n\n - Bug 763071: Heap-buffer-overflow in xmlStrncat\n (CVE-2016-1834)\n\n - Bug 757711: Heap-buffer-overflow in\n xmlFAParsePosCharGroup (CVE-2016-1840)\n\n - Bug 758588: Heap-based buffer overread in\n xmlParserPrintFileContextInternal (CVE-2016-1838)\n\n - Bug 758605: Heap-based buffer overread in\n xmlDictAddString (CVE-2016-1839)\n\n - Bug 759398: Heap use-after-free in xmlDictComputeFastKey\n (CVE-2016-1836)\n\n - Fix inappropriate fetch of entities content\n (CVE-2016-4449)\n\n - Heap use-after-free in htmlParsePubidLiteral and\n htmlParseSystemiteral (CVE-2016-1837)\n\n - Heap use-after-free in xmlSAX2AttributeNs\n (CVE-2016-1835)\n\n - Heap-based buffer-underreads due to xmlParseName\n (CVE-2016-4447)\n\n - Heap-based buffer overread in htmlCurrentChar\n (CVE-2016-1833)\n\n - Add missing increments of recursion depth counter to XML\n parser. (CVE-2016-3705)\n\n - Avoid building recursive entities (CVE-2016-3627)\n\n - Fix some format string warnings with possible format\n string vulnerability (CVE-2016-4448)\n\n - More format string warnings with possible format string\n vulnerability (CVE-2016-4448)\n\n - Fix large parse of file from memory (rhbz#862969)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=757711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=758588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=758605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=759398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000502.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000501.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 / libxml2-python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"libxml2-2.7.6-21.0.1.el6_8.1\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"libxml2-python-2.7.6-21.0.1.el6_8.1\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"libxml2-2.7.6-21.0.1.el6_8.1\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"libxml2-python-2.7.6-21.0.1.el6_8.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-python\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:54:08", "description": "A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2016-1834 , CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762 , CVE-2016-1833 , CVE-2016-1835 , CVE-2016-1836 , CVE-2016-1837 , CVE-2016-1838 , CVE-2016-1839 , CVE-2016-3627 , CVE-2016-3705 , CVE-2016-4447 , CVE-2016-4448 , CVE-2016-4449)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : libxml2 (ALAS-2016-719)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libxml2", "p-cpe:/a:amazon:linux:libxml2-debuginfo", "p-cpe:/a:amazon:linux:libxml2-devel", "p-cpe:/a:amazon:linux:libxml2-python26", "p-cpe:/a:amazon:linux:libxml2-python27", "p-cpe:/a:amazon:linux:libxml2-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-719.NASL", "href": "https://www.tenable.com/plugins/nessus/92221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-719.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92221);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_xref(name:\"ALAS\", value:\"2016-719\");\n\n script_name(english:\"Amazon Linux AMI : libxml2 (ALAS-2016-719)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2016-1834 , CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when\nprocessed by an application using libxml2, could cause that\napplication to crash. (CVE-2016-1762 , CVE-2016-1833 , CVE-2016-1835 ,\nCVE-2016-1836 , CVE-2016-1837 , CVE-2016-1838 , CVE-2016-1839 ,\nCVE-2016-3627 , CVE-2016-3705 , CVE-2016-4447 , CVE-2016-4448 ,\nCVE-2016-4449)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-719.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libxml2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-debuginfo-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-devel-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-python26-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-python27-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-static-2.9.1-6.3.49.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python26 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:25:51", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities December16 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4584", "CVE-2016-4623", "CVE-2016-4583", "CVE-2016-4624", "CVE-2016-4586", "CVE-2016-4591", "CVE-2016-4651", "CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4585", "CVE-2016-4592", "CVE-2016-4590"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810225", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810225", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities December16 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810225\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-4589\", \"CVE-2016-4622\", \"CVE-2016-4623\", \"CVE-2016-4624\",\n \"CVE-2016-4586\", \"CVE-2016-4583\", \"CVE-2016-4592\", \"CVE-2016-4591\",\n \"CVE-2016-4590\", \"CVE-2016-4651\", \"CVE-2016-4585\", \"CVE-2016-4584\");\n script_bugtraq_id(91830);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 13:55:02 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Apple Safari Multiple Vulnerabilities December16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - The multiple errors in WebKit Page Loading implementation.\n\n - An error in WebKit JavaScript bindings.\n\n - The WebKit mishandles about: URLs, location variable.\n\n - Some unspecified errors in WebKit.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to obtain sensitive information, bypass security and execute\n arbitrary code or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 9.1.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 9.1.2 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206900\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!safVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"9.1.2\"))\n{\n report = report_fixed_ver(installed_version:safVer, fixed_version:\"9.1.2\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-07-17T14:25:15", "description": "This host is running Apple Mac OS X and\n is prone to code execution and denial of service vulnerabilities.", "cvss3": {}, "published": "2016-11-22T00:00:00", "type": "openvas", "title": "Apple Mac OS X Code Execution And Denial of Service Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4614", "CVE-2015-8126", "CVE-2016-1836", "CVE-2016-4616", "CVE-2016-4610", "CVE-2016-4609", "CVE-2013-7456", "CVE-2016-4629", "CVE-2016-4630", "CVE-2016-4483", "CVE-2016-4612", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4449", "CVE-2016-4448", "CVE-2016-4615", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-5096", "CVE-2016-4447", "CVE-2016-4619", "CVE-2016-1798"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810210", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Code Execution And Denial of Service Vulnerabilities\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810210\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5096\", \"CVE-2013-7456\",\n \"CVE-2016-4637\", \"CVE-2016-4629\", \"CVE-2016-4630\", \"CVE-2016-1836\",\n \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4483\", \"CVE-2016-4614\",\n \"CVE-2016-4615\", \"CVE-2016-4616\", \"CVE-2016-4619\", \"CVE-2016-4449\",\n \"CVE-2016-1684\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4609\",\n \"CVE-2016-4610\", \"CVE-2016-4612\", \"CVE-2016-1798\", \"CVE-2015-8126\");\n script_bugtraq_id(90696, 77568);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-22 11:05:47 +0530 (Tue, 22 Nov 2016)\");\n script_name(\"Apple Mac OS X Code Execution And Denial of Service Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to code execution and denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A null pointer dereference error.\n\n - An improper processing of .png file by libpng.\n\n - The multiple memory corruption errors.\n\n - An access issue in the parsing of maliciously crafted XML files.\n\n - The multiple errors in php.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service and to obtain sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.10.x through\n 10.10.5 prior to build 14F1808\");\n\n script_tag(name:\"solution\", value:\"Apply the appropriate patch.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206567\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206903\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.10\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName && osVer =~ \"^10\\.10\")\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n\n if(osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F1808\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n\n else if(version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"10.10.5 build 14F1808\";\n }\n}\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4612", "CVE-2016-4607", "CVE-2019-18197", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2015-7995"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192627", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2627\");\n script_version(\"2020-01-23T13:10:10+0000\");\n script_cve_id(\"CVE-2015-7995\", \"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4609\", \"CVE-2016-4610\", \"CVE-2019-18197\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:10:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:10:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2627)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2627\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2627\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxslt' package(s) announced via the EulerOS-SA-2019-2627 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a 'type confusion' issue.(CVE-2015-7995)\n\nnumbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)\n\nnumbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4607)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4608)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4609)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.(CVE-2016-4610)\n\nIn xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.(CVE-2019-18197)\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.28~5.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-devel\", rpm:\"libxslt-devel~1.1.28~5.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python\", rpm:\"libxslt-python~1.1.28~5.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-28T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2016-4728dfe3ec", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4624", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4590"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809173", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk4 FEDORA-2016-4728dfe3ec\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809173\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-28 05:51:49 +0200 (Sun, 28 Aug 2016)\");\n script_cve_id(\"CVE-2016-4622\", \"CVE-2016-4624\", \"CVE-2016-4591\", \"CVE-2016-4590\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2016-4728dfe3ec\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-4728dfe3ec\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMH2BISRAFHBODS7RDC5BDBEQZGPE3MU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.12.4~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-09-07T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2016-d957ffbac1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4624", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4590"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809208", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809208", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk4 FEDORA-2016-d957ffbac1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809208\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-07 10:08:55 +0530 (Wed, 07 Sep 2016)\");\n script_cve_id(\"CVE-2016-4622\", \"CVE-2016-4624\", \"CVE-2016-4591\", \"CVE-2016-4590\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2016-d957ffbac1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d957ffbac1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52FAWU4LC36EYVTVLITMFJEBN4VNN4TK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.12.4~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-14T16:48:45", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2519)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4612", "CVE-2016-4607", "CVE-2019-13118", "CVE-2019-18197", "CVE-2016-1683", "CVE-2019-13117", "CVE-2016-1684", "CVE-2016-4608", "CVE-2015-7995"], "modified": "2020-03-12T00:00:00", "id": "OPENVAS:1361412562311220192519", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192519", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2519\");\n script_version(\"2020-03-12T11:29:21+0000\");\n script_cve_id(\"CVE-2015-7995\", \"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4609\", \"CVE-2016-4610\", \"CVE-2016-4612\", \"CVE-2019-13117\", \"CVE-2019-13118\", \"CVE-2019-18197\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-12 11:29:21 +0000 (Thu, 12 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:03:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2519)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2519\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2519\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxslt' package(s) announced via the EulerOS-SA-2019-2519 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.(CVE-2019-18197)\n\nThe xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a 'type confusion' issue.(CVE-2015-7995)\n\nnumbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)\n\nnumbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4607)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4608)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.(CVE-2016-4609)\n\nlibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corrupt ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.28~5.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-devel\", rpm:\"libxslt-devel~1.1.28~5.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python\", rpm:\"libxslt-python~1.1.28~5.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-09-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3079-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1858", "CVE-2016-4623", "CVE-2016-4583", "CVE-2016-4624", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-4586", "CVE-2016-4588", "CVE-2016-1859", "CVE-2016-4591", "CVE-2016-4651", "CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4585", "CVE-2016-1854", "CVE-2016-4590"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842883", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for webkit2gtk USN-3079-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842883\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-15 05:46:35 +0200 (Thu, 15 Sep 2016)\");\n script_cve_id(\"CVE-2016-1854\", \"CVE-2016-1856\", \"CVE-2016-1857\", \"CVE-2016-1858\",\n\t\t\"CVE-2016-1859\", \"CVE-2016-4583\", \"CVE-2016-4585\", \"CVE-2016-4586\",\n\t\t\"CVE-2016-4588\", \"CVE-2016-4589\", \"CVE-2016-4590\", \"CVE-2016-4591\",\n\t\t\"CVE-2016-4622\", \"CVE-2016-4623\", \"CVE-2016-4624\", \"CVE-2016-4651\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3079-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were\n discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\n into viewing a malicious website, a remote attacker could exploit a variety of\n issues related to web browser security, including cross-site scripting attacks,\n denial of service attacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3079-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3079-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.12.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.12.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.12.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.12.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-06-21T12:42:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-19T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libxslt FEDORA-2019-320d5295fc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1841", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-4607", "CVE-2016-4738", "CVE-2016-1683", "CVE-2016-1684", "CVE-2016-4608", "CVE-2019-11068"], "modified": "2019-06-20T00:00:00", "id": "OPENVAS:1361412562310876512", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876512", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876512\");\n script_version(\"2019-06-20T06:01:12+0000\");\n script_cve_id(\"CVE-2016-1841\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4610\", \"CVE-2016-4609\", \"CVE-2019-11068\", \"CVE-2016-1684\", \"CVE-2016-1683\", \"CVE-2016-4738\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-20 06:01:12 +0000 (Thu, 20 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-19 02:14:42 +0000 (Wed, 19 Jun 2019)\");\n script_name(\"Fedora Update for mingw-libxslt FEDORA-2019-320d5295fc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-320d5295fc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libxslt'\n package(s) announced via the FEDORA-2019-320d5295fc advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This C library allows to transform XML files into other XML files\n(or HTML, text, ...) using the standard XSLT stylesheet transformation\nmechanism. To use it you need to have a version of libxml2 >= 2.6.27\ninstalled. The xsltproc command is a command line interface to the XSLT engine\");\n\n script_tag(name:\"affected\", value:\"'mingw-libxslt' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-libxslt\", rpm:\"mingw-libxslt~1.1.33~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:57", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities December-2016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4634", "CVE-2014-9862", "CVE-2016-4653", "CVE-2016-4626", "CVE-2016-4614", "CVE-2016-4646", "CVE-2016-4645", "CVE-2016-4649", "CVE-2016-4643", "CVE-2016-1836", "CVE-2016-4598", "CVE-2016-4652", "CVE-2016-4616", "CVE-2016-4644", "CVE-2016-4602", "CVE-2016-4638", "CVE-2016-4582", "CVE-2016-4610", "CVE-2016-4609", "CVE-2016-2108", "CVE-2013-7456", "CVE-2016-1863", "CVE-2016-4629", "CVE-2016-4632", "CVE-2016-4630", "CVE-2016-2105", "CVE-2016-4600", "CVE-2016-4483", "CVE-2016-2107", "CVE-2016-4612", "CVE-2016-4642", "CVE-2016-0718", "CVE-2016-4647", "CVE-2016-2109", "CVE-2016-4607", "CVE-2016-4637", "CVE-2016-4621", "CVE-2016-4449", "CVE-2016-4648", "CVE-2016-4595", "CVE-2016-4625", "CVE-2016-4448", "CVE-2016-4599", "CVE-2016-4635", "CVE-2016-4615", "CVE-2016-4633", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-2176", "CVE-2016-4597", "CVE-2016-1684", "CVE-2016-4608", "CVE-2016-5096", "CVE-2016-4641", "CVE-2016-4447", "CVE-2016-4619", "CVE-2016-4631", "CVE-2016-1865", "CVE-2016-4596", "CVE-2016-4601", "CVE-2016-2106", "CVE-2016-4594", "CVE-2016-4639", "CVE-2016-4640"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810227", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities December-2016\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810227\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5096\", \"CVE-2013-7456\",\n \"CVE-2016-4649\", \"CVE-2016-4647\", \"CVE-2016-4648\", \"CVE-2016-4646\",\n \"CVE-2014-9862\", \"CVE-2016-4645\", \"CVE-2016-4644\", \"CVE-2016-4643\",\n \"CVE-2016-4642\", \"CVE-2016-4652\", \"CVE-2016-4637\", \"CVE-2016-4635\",\n \"CVE-2016-4634\", \"CVE-2016-4629\", \"CVE-2016-4630\", \"CVE-2016-4632\",\n \"CVE-2016-4631\", \"CVE-2016-4633\", \"CVE-2016-4626\", \"CVE-2016-4625\",\n \"CVE-2016-1863\", \"CVE-2016-4653\", \"CVE-2016-4582\", \"CVE-2016-1865\",\n \"CVE-2016-4621\", \"CVE-2016-0718\", \"CVE-2016-2108\", \"CVE-2016-2109\",\n \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4483\", \"CVE-2016-4614\",\n \"CVE-2016-4615\", \"CVE-2016-4616\", \"CVE-2016-4619\", \"CVE-2016-4449\",\n \"CVE-2016-1684\", \"CVE-2016-4607\", \"CVE-2016-4608\", \"CVE-2016-4609\",\n \"CVE-2016-4610\", \"CVE-2016-4612\", \"CVE-2016-4638\", \"CVE-2016-4640\",\n \"CVE-2016-4641\", \"CVE-2016-4639\", \"CVE-2016-2105\", \"CVE-2016-2106\",\n \"CVE-2016-2107\", \"CVE-2016-2176\", \"CVE-2016-1836\", \"CVE-2016-4594\",\n \"CVE-2016-4601\", \"CVE-2016-4599\", \"CVE-2016-4596\", \"CVE-2016-4597\",\n \"CVE-2016-4600\", \"CVE-2016-4602\", \"CVE-2016-4598\", \"CVE-2016-4595\");\n script_bugtraq_id(90861, 90859, 91834);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 12:37:39 +0530 (Fri, 02 Dec 2016)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities December-2016\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, escalate privileges,\n bypass certain protection mechanism and have other impacts.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.11.x before\n 10.11.6\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.11.6 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206903\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.11\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName && osVer =~ \"^10\\.11\")\n{\n if(version_is_less(version:osVer, test_version:\"10.11.6\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.11.6\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:33:04", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2212)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1683", "CVE-2016-1684", "CVE-2015-7995"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192212", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2212\");\n script_version(\"2020-01-23T12:40:04+0000\");\n script_cve_id(\"CVE-2015-7995\", \"CVE-2016-1683\", \"CVE-2016-1684\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:40:04 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:40:04 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2212)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2212\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2212\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxslt' package(s) announced via the EulerOS-SA-2019-2212 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a 'type confusion' issue.(CVE-2015-7995)\n\nnumbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)\n\nnumbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.28~5.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-devel\", rpm:\"libxslt-devel~1.1.28~5.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python\", rpm:\"libxslt-python~1.1.28~5.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:17", "description": "Several vulnerabilities were discovered\nin libxslt, an XSLT processing runtime library, which could lead to information\ndisclosure or denial-of-service (application crash) against an application\nusing the libxslt library.", "cvss3": {}, "published": "2016-06-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3605-1 (libxslt - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1683", "CVE-2016-1684", "CVE-2015-7995"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703605", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3605.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3605-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703605\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-7995\", \"CVE-2016-1683\", \"CVE-2016-1684\");\n script_name(\"Debian Security Advisory DSA 3605-1 (libxslt - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-19 00:00:00 +0200 (Sun, 19 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3605.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"libxslt on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 1.1.28-2+deb8u1.\n\nWe recommend that you upgrade your libxslt packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin libxslt, an XSLT processing runtime library, which could lead to information\ndisclosure or denial-of-service (application crash) against an application\nusing the libxslt library.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxslt1-dbg:amd64\", ver:\"1.1.28-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxslt1-dbg:i386\", ver:\"1.1.28-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxslt1-dev:amd64\", ver:\"1.1.28-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxslt1-dev:i386\", ver:\"1.1.28-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxslt1.1:amd64\", ver:\"1.1.28-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxslt1.1:i386\", ver:\"1.1.28-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"python-libxslt1\", ver:\"1.1.28-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxslt1-dbg\", ver:\"1.1.28-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xsltproc\", ver:\"1.1.28-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:45", "description": "Several vulnerabilities were discovered\nin libxslt, an XSLT processing runtime library, which could lead to information\ndisclosure or denial-of-service (application crash) against an application\nusing the libxslt library.", "cvss3": {}, "published": "2016-06-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3605-1 (libxslt - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1683", "CVE-2016-1684", "CVE-2015-7995"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703605", "href": "http://plugins.openvas.org/nasl.php?oid=703605", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3605.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3605-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703605);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-7995\", \"CVE-2016-1683\", \"CVE-2016-1684\");\n script_name(\"Debian Security Advisory DSA 3605-1 (libxslt - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-06-19 00:00:00 +0200 (Sun, 19 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3605.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libxslt on Debian Linux\");\n script_tag(name: \"insight\", value: \"XSLT is an XML language for defining\ntransformations of XML files from XML to some other arbitrary format, such as\nXML, HTML, plain text, etc. using standard XSLT stylesheets. libxslt is a C\nlibrary which implements XSLT version 1.0.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 1.1.28-2+deb8u1.\n\nWe recommend that you upgrade your libxslt packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin libxslt, an XSLT processing runtime library, which could lead to information\ndisclosure or denial-of-service (application crash) against an application\nusing the libxslt library.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxslt1-dbg:amd64\", ver:\"1.1.28-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxslt1-dbg:i386\", ver:\"1.1.28-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libxslt1-dev:amd64\", ver:\"1.1.28-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxslt1-dev:i386\", ver:\"1.1.28-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libxslt1.1:amd64\", ver:\"1.1.28-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxslt1.1:i386\", ver:\"1.1.28-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"python-libxslt1\", ver:\"1.1.28-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxslt1-dbg\", ver:\"1.1.28-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xsltproc\", ver:\"1.1.28-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-29T19:24:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libxslt (DLA-1860-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4610", "CVE-2016-4609", "CVE-2019-13118", "CVE-2019-13117"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891860", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891860", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891860\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-4609\", \"CVE-2016-4610\", \"CVE-2019-13117\", \"CVE-2019-13118\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-23 02:00:10 +0000 (Tue, 23 Jul 2019)\");\n script_name(\"Debian LTS: Security Advisory for libxslt (DLA-1860-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1860-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/932321\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/932320\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxslt'\n package(s) announced via the DLA-1860-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities were found in libxslt the XSLT 1.0 processing\nlibrary.\n\nCVE-2016-4610\n\nInvalid memory access leading to DoS at exsltDynMapFunction. libxslt\nallows remote attackers to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact via unknown\nvectors.\n\nCVE-2016-4609\n\nOut-of-bounds read at xmlGetLineNoInternal()\nlibxslt allows remote attackers to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact via unknown\nvectors.\n\nCVE-2019-13117\n\nAn xsl:number with certain format strings could lead to an\nuninitialized read in xsltNumberFormatInsertNumbers. This could\nallow an attacker to discern whether a byte on the stack contains\nthe characters A, a, I, i, or 0, or any other character.\n\nCVE-2019-13118\n\nA type holding grouping characters of an xsl:number instruction was\ntoo narrow and an invalid character/length combination could be\npassed to xsltNumberFormatDecimal, leading to a read of\nuninitialized stack data.\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.1.28-2+deb8u5.\n\nWe recommend that you upgrade your libxslt packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxslt1-dbg\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxslt1-dev\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxslt1.1\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxslt1\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxslt1-dbg\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xsltproc\", ver:\"1.1.28-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T16:54:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-13T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2020-1215)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18197", "CVE-2016-1683", "CVE-2016-1684", "CVE-2015-7995"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201215", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201215", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1215\");\n script_version(\"2020-03-13T07:15:14+0000\");\n script_cve_id(\"CVE-2015-7995\", \"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2019-18197\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:15:14 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:15:14 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2020-1215)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1215\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1215\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxslt' package(s) announced via the EulerOS-SA-2020-1215 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.(CVE-2016-1684)\n\nnumbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.(CVE-2016-1683)\n\nA type confusion vulnerability was discovered in the xsltStylePreCompute() function of libxslt. A remote attacker could possibly exploit this flaw to cause an application using libxslt to crash by tricking the application into processing a specially crafted XSLT document.(CVE-2015-7995)\n\nIn xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.(CVE-2019-18197)\");\n\n script_tag(name:\"affected\", value:\"'libxslt' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt\", rpm:\"libxslt~1.1.28~5.h6\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxslt-python\", rpm:\"libxslt-python~1.1.28~5.h6\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:56:07", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-719)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-1833"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120708", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120708\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:14 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-719)\");\n script_tag(name:\"insight\", value:\"A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840 )Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449 )\");\n script_tag(name:\"solution\", value:\"Run yum update libxml2 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-719.html\");\n script_cve_id(\"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-1835\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-1834\", \"CVE-2016-1840\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-3627\", \"CVE-2016-1833\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1762\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"debuginfo\", rpm:\"debuginfo~2.9.1~6.3.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"static\", rpm:\"static~2.9.1~6.3.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"devel\", rpm:\"devel~2.9.1~6.3.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:07", "description": "Check the version of libxml2", "cvss3": {}, "published": "2016-06-24T00:00:00", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2016:1292 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-1833"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882513", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2016:1292 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882513\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-24 05:26:46 +0200 (Fri, 24 Jun 2016)\");\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\",\n \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\",\n \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libxml2 CESA-2016:1292 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of libxml2\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox\nproviding the implementation of various XML standards.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary code\nwith the permissions of the user running the application. (CVE-2016-1834,\nCVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, could cause that application to crash.\n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,\nCVE-2016-4448, CVE-2016-4449)\");\n script_tag(name:\"affected\", value:\"libxml2 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1292\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-June/021917.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~21.el6_8.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~21.el6_8.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~21.el6_8.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.7.6~21.el6_8.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-24T00:00:00", "type": "openvas", "title": "RedHat Update for libxml2 RHSA-2016:1292-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-1833"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871634", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871634", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2016:1292-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871634\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-24 05:25:35 +0200 (Fri, 24 Jun 2016)\");\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\",\n \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\",\n \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libxml2 RHSA-2016:1292-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development\ntoolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary code\nwith the permissions of the user running the application. (CVE-2016-1834,\nCVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, could cause that application to crash.\n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,\nCVE-2016-4448, CVE-2016-4449)\");\n script_tag(name:\"affected\", value:\"libxml2 on Red Hat Enterprise Linux\n Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:1292-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-June/msg00022.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.el7_2.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.9.1~6.el7_2.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.el7_2.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.el7_2.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~21.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.7.6~21.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~21.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~21.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:07", "description": "Check the version of libxml2", "cvss3": {}, "published": "2016-06-24T00:00:00", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2016:1292 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-1833"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2016:1292 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882515\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-24 05:27:06 +0200 (Fri, 24 Jun 2016)\");\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\",\n \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\",\n \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libxml2 CESA-2016:1292 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of libxml2\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox\nproviding the implementation of various XML standards.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary code\nwith the permissions of the user running the application. (CVE-2016-1834,\nCVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, could cause that application to crash.\n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,\nCVE-2016-4448, CVE-2016-4449)\");\n script_tag(name:\"affected\", value:\"libxml2 on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1292\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-June/021929.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.el7_2.3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.el7_2.3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.el7_2.3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.9.1~6.el7_2.3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-09-10T15:42:48", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "debiancve", "title": "CVE-2016-4609", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2016-07-22T02:59:00", "id": "DEBIANCVE:CVE-2016-4609", "href": "https://security-tracker.debian.org/tracker/CVE-2016-4609", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-10T15:42:48", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "debiancve", "title": "CVE-2016-4608", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2016-07-22T02:59:00", "id": "DEBIANCVE:CVE-2016-4608", "href": "https://security-tracker.debian.org/tracker/CVE-2016-4608", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-10T15:42:48", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "debiancve", "title": "CVE-2016-4610", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2016-07-22T02:59:00", "id": "DEBIANCVE:CVE-2016-4610", "href": "https://security-tracker.debian.org/tracker/CVE-2016-4610", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-22T02:10:07", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "debiancve", "title": "CVE-2016-4622", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2016-07-22T02:59:00", "id": "DEBIANCVE:CVE-2016-4622", "href": "https://security-tracker.debian.org/tracker/CVE-2016-4622", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-22T02:10:07", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "debiancve", "title": "CVE-2016-4624", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2016-07-22T02:59:00", "id": "DEBIANCVE:CVE-2016-4624", "href": "https://security-tracker.debian.org/tracker/CVE-2016-4624", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-17T15:18:14", "description": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", "cvss3": {}, "published": "2015-12-15T21:59:00", "type": "debiancve", "title": "CVE-2015-8317", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317"], "modified": "2015-12-15T21:59:00", "id": "DEBIANCVE:CVE-2015-8317", "href": "https://security-tracker.debian.org/tracker/CVE-2015-8317", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-22T02:10:07", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-07-22T02:59:00", "type": "debiancve", "title": "CVE-2016-4591", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4591"], "modified": "2016-07-22T02:59:00", "id": "DEBIANCVE:CVE-2016-4591", "href": "https://security-tracker.debian.org/tracker/CVE-2016-4591", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-03-22T02:10:07", "description": "WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2016-07-22T02:59:00", "type": "debiancve", "title": "CVE-2016-4590", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4590"], "modified": "2016-07-22T02:59:00", "id": "DEBIANCVE:CVE-2016-4590", "href": "https://security-tracker.debian.org/tracker/CVE-2016-4590", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-09-10T15:42:48", "description": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-06-05T23:59:00", "type": "debiancve", "title": "CVE-2016-1683", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1683"], "modified": "2016-06-05T23:59:00", "id": "DEBIANCVE:CVE-2016-1683", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1683", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2021-10-13T16:57:21", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-29T10:53:16", "type": "redhatcve", "title": "CVE-2016-4609", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2021-10-13T16:51:55", "id": "RH:CVE-2016-4609", "href": "https://access.redhat.com/security/cve/cve-2016-4609", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-13T16:57:21", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-29T10:51:20", "type": "redhatcve", "title": "CVE-2016-4610", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2021-10-13T16:52:00", "id": "RH:CVE-2016-4610", "href": "https://access.redhat.com/security/cve/cve-2016-4610", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-13T16:57:21", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-29T10:52:20", "type": "redhatcve", "title": "CVE-2016-4608", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2021-10-13T16:51:50", "id": "RH:CVE-2016-4608", "href": "https://access.redhat.com/security/cve/cve-2016-4608", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-13T16:57:21", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-29T10:50:38", "type": "redhatcve", "title": "CVE-2016-4607", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2021-10-13T16:51:50", "id": "RH:CVE-2016-4607", "href": "https://access.redhat.com/security/cve/cve-2016-4607", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-29T04:47:45", "description": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-26T10:48:43", "type": "redhatcve", "title": "CVE-2016-1683", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1683"], "modified": "2020-08-18T13:50:53", "id": "RH:CVE-2016-1683", "href": "https://access.redhat.com/security/cve/cve-2016-1683", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:09:51", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before\n12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and\nwatchOS before 2.2.2 allows remote attackers to cause a denial of service\n(memory corruption) or possibly have unspecified other impact via unknown\nvectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608,\nCVE-2016-4610, and CVE-2016-4612.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | per Nick Wellnhofer, possibly one of these commits: https://git.gnome.org/browse/libxslt/commit/?id=ef7429bb4f1433726cc8fc4fe3d134d8a439fab1 https://git.gnome.org/browse/libxslt/commit/?id=93bb314768aafaffad1df15bbee10b7c5423e283 https://git.gnome.org/browse/libxslt/commit/?id=8b90c9a699e0eaa98bbeec63a473ddc73aaa238c https://git.gnome.org/browse/libxslt/commit/?id=87c3d9ea214fc0503fd8130b6dd97431d69cc066 \n[sbeattie](<https://launchpad.net/~sbeattie>) | given the above, these were fixed in the upstream 1.1.29 release incorporated patches into USN 3271-1\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4609", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2016-07-22T00:00:00", "id": "UB:CVE-2016-4609", "href": "https://ubuntu.com/security/CVE-2016-4609", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:52", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before\n12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and\nwatchOS before 2.2.2 allows remote attackers to cause a denial of service\n(memory corruption) or possibly have unspecified other impact via unknown\nvectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609,\nCVE-2016-4610, and CVE-2016-4612.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | per Nick Wellnhofer, possibly one of these commits: https://git.gnome.org/browse/libxslt/commit/?id=ef7429bb4f1433726cc8fc4fe3d134d8a439fab1 https://git.gnome.org/browse/libxslt/commit/?id=93bb314768aafaffad1df15bbee10b7c5423e283 https://git.gnome.org/browse/libxslt/commit/?id=8b90c9a699e0eaa98bbeec63a473ddc73aaa238c https://git.gnome.org/browse/libxslt/commit/?id=87c3d9ea214fc0503fd8130b6dd97431d69cc066 \n[sbeattie](<https://launchpad.net/~sbeattie>) | given the above, these were fixed in the upstream 1.1.29 release incorporated patches into USN 3271-1\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4607", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2016-07-22T00:00:00", "id": "UB:CVE-2016-4607", "href": "https://ubuntu.com/security/CVE-2016-4607", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:51", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before\n12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and\nwatchOS before 2.2.2 allows remote attackers to cause a denial of service\n(memory corruption) or possibly have unspecified other impact via unknown\nvectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609,\nCVE-2016-4610, and CVE-2016-4612.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | may be https://bugzilla.gnome.org/show_bug.cgi?id=765380 or https://bugzilla.gnome.org/show_bug.cgi?id=765271 and possibly addressed in 1.1.29; similar for CVE-2016-4612. fixes would be: https://git.gnome.org/browse/libxslt/commit/?id=5d0c6565bab5b9b7efceb33b626916d22b4101a7 https://git.gnome.org/browse/libxslt/commit/?id=d8862309f08054218b28e2c8f5fb3cb2f650cac7 given the above, these were fixed in the upstream 1.1.29 release \n[sbettie](<https://launchpad.net/~sbettie>) | incorporated patches into USN 3271-1\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4608", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2016-07-22T00:00:00", "id": "UB:CVE-2016-4608", "href": "https://ubuntu.com/security/CVE-2016-4608", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:51", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before\n12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and\nwatchOS before 2.2.2 allows remote attackers to cause a denial of service\n(memory corruption) or possibly have unspecified other impact via unknown\nvectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608,\nCVE-2016-4609, and CVE-2016-4612.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | per Nick Wellnhofer, possibly one of these commits: https://git.gnome.org/browse/libxslt/commit/?id=ef7429bb4f1433726cc8fc4fe3d134d8a439fab1 https://git.gnome.org/browse/libxslt/commit/?id=93bb314768aafaffad1df15bbee10b7c5423e283 https://git.gnome.org/browse/libxslt/commit/?id=8b90c9a699e0eaa98bbeec63a473ddc73aaa238c https://git.gnome.org/browse/libxslt/commit/?id=87c3d9ea214fc0503fd8130b6dd97431d69cc066 \n[sbeattie](<https://launchpad.net/~sbeattie>) | given the above, these were fixed in the upstream 1.1.29 release \n[sbettie](<https://launchpad.net/~sbettie>) | incorporated patches into USN 3271-1\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4610", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2016-07-22T00:00:00", "id": "UB:CVE-2016-4610", "href": "https://ubuntu.com/security/CVE-2016-4610", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:54", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before\n9.2.2 allows remote attackers to execute arbitrary code or cause a denial\nof service (memory corruption) via a crafted web site, a different\nvulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4623", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2016-07-21T00:00:00", "id": "UB:CVE-2016-4623", "href": "https://ubuntu.com/security/CVE-2016-4623", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:55", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before\n9.2.2 allows remote attackers to execute arbitrary code or cause a denial\nof service (memory corruption) via a crafted web site, a different\nvulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4589", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2016-07-21T00:00:00", "id": "UB:CVE-2016-4589", "href": "https://ubuntu.com/security/CVE-2016-4589", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:54", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before\n9.2.2 allows remote attackers to execute arbitrary code or cause a denial\nof service (memory corruption) via a crafted web site, a different\nvulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4622", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2016-07-21T00:00:00", "id": "UB:CVE-2016-4622", "href": "https://ubuntu.com/security/CVE-2016-4622", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:55", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before\n9.2.2 allows remote attackers to execute arbitrary code or cause a denial\nof service (memory corruption) via a crafted web site, a different\nvulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4624", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2016-07-21T00:00:00", "id": "UB:CVE-2016-4624", "href": "https://ubuntu.com/security/CVE-2016-4624", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:51", "description": "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before\n12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and\nwatchOS before 2.2.2 allows remote attackers to cause a denial of service\n(memory corruption) or possibly have unspecified other impact via unknown\nvectors, a different vulnerability than CVE-2016-4615, CVE-2016-4616, and\nCVE-2016-4619.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | possibly apple-specific, no details as of 2017-11-16 marking as not-affected\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4614", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2016-07-22T00:00:00", "id": "UB:CVE-2016-4614", "href": "https://ubuntu.com/security/CVE-2016-4614", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:51", "description": "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before\n12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and\nwatchOS before 2.2.2 allows remote attackers to cause a denial of service\n(memory corruption) or possibly have unspecified other impact via unknown\nvectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and\nCVE-2016-4619.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | possibly apple-specific, no details as of 2017-11-16 marking as not-affected\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4616", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2016-07-22T00:00:00", "id": "UB:CVE-2016-4616", "href": "https://ubuntu.com/security/CVE-2016-4616", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:51", "description": "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before\n12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and\nwatchOS before 2.2.2 allows remote attackers to cause a denial of service\n(memory corruption) or possibly have unspecified other impact via unknown\nvectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and\nCVE-2016-4619.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | possibly apple-specific, no details as of 2017-11-16 marking as not-affected\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4615", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2016-07-22T00:00:00", "id": "UB:CVE-2016-4615", "href": "https://ubuntu.com/security/CVE-2016-4615", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:09:56", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before\n9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain\nimage date from an unintended web site via a timing attack involving an SVG\ndocument.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2016-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4583", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4583"], "modified": "2016-07-21T00:00:00", "id": "UB:CVE-2016-4583", "href": "https://ubuntu.com/security/CVE-2016-4583", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:09:55", "description": "Cross-site scripting (XSS) vulnerability in the WebKit Page Loading\nimplementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS\nbefore 9.2.2 allows remote attackers to inject arbitrary web script or HTML\nvia an HTTP response specifying redirection that is mishandled by Safari.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4585", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4585"], "modified": "2016-07-21T00:00:00", "id": "UB:CVE-2016-4585", "href": "https://ubuntu.com/security/CVE-2016-4585", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:09:52", "description": "The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari\nbefore 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute\narbitrary code or cause a denial of service (memory corruption) via a\ncrafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4584", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4584"], "modified": "2016-07-22T00:00:00", "id": "UB:CVE-2016-4584", "href": "https://ubuntu.com/security/CVE-2016-4584", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:14:21", "description": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows\ncontext-dependent attackers to obtain sensitive information via an (1)\nunterminated encoding value or (2) incomplete XML declaration in XML data,\nwhich triggers an out-of-bounds heap read.\n\n#### Bugs\n\n * <https://bugzilla.gnome.org/show_bug.cgi?id=751631>\n * <https://bugzilla.gnome.org/show_bug.cgi?id=751603>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | already fixed by the following patches in wily+: 0011-Do-not-process-encoding-values-if-the-declaration-if.patch 0012-Fail-parsing-early-on-if-encoding-conversion-failed.patch\n", "cvss3": {}, "published": "2015-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-8317", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317"], "modified": "2015-11-23T00:00:00", "id": "UB:CVE-2015-8317", "href": "https://ubuntu.com/security/CVE-2015-8317", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:09:54", "description": "Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings\nin Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers\nto inject arbitrary web script or HTML via a crafted HTTP/0.9 response,\nrelated to a \"cross-protocol cross-site scripting (XPXSS)\" vulnerability.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4651", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4651"], "modified": "2016-07-21T00:00:00", "id": "UB:CVE-2016-4651", "href": "https://ubuntu.com/security/CVE-2016-4651", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:09:55", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before\n9.2.2 mishandles the location variable, which allows remote attackers to\naccess the local filesystem via unspecified vectors.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4591", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4591"], "modified": "2016-07-21T00:00:00", "id": "UB:CVE-2016-4591", "href": "https://ubuntu.com/security/CVE-2016-4591", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-08-04T14:09:52", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before\n9.2.2 allows remote attackers to cause a denial of service (memory\nconsumption) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4592", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4592"], "modified": "2016-07-22T00:00:00", "id": "UB:CVE-2016-4592", "href": "https://ubuntu.com/security/CVE-2016-4592", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-04T14:09:55", "description": "WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about:\nURLs, which allows remote attackers to bypass the Same Origin Policy via a\ncrafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2016-07-21T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4590", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4590"], "modified": "2016-07-21T00:00:00", "id": "UB:CVE-2016-4590", "href": "https://ubuntu.com/security/CVE-2016-4590", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:11:00", "description": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before\n51.0.2704.63, mishandles namespace nodes, which allows remote attackers to\ncause a denial of service (out-of-bounds heap memory access) or possibly\nhave unspecified other impact via a crafted document.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | reproducer in chromium bug report precise needed prerequisites: 0d6713d715509da1fec27bec220d43aa4fc48d0f 102099fb3bc0b29ede7dadc6388337ef4de59a74 (fix for 1st prereq)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-05-31T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1683", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1683"], "modified": "2016-05-31T00:00:00", "id": "UB:CVE-2016-1683", "href": "https://ubuntu.com/security/CVE-2016-1683", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:12:06", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4608", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2020-11-20T19:03:00", "cpe": ["cpe:/a:xmlsoft:libxslt:1.1.28", "cpe:/o:fedoraproject:fedora:30"], "id": "CVE-2016-4608", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4608", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxslt:1.1.28:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:06", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4610", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2020-11-20T15:54:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:30"], "id": "CVE-2016-4610", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4610", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:06", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4607", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2020-10-09T18:03:00", "cpe": ["cpe:/o:fedoraproject:fedora:30"], "id": "CVE-2016-4607", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4607", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:06", "description": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4609", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4612"], "modified": "2020-10-09T18:32:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:30"], "id": "CVE-2016-4609", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4609", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:03", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4589", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2019-03-25T17:04:00", "cpe": ["cpe:/a:apple:webkit:*"], "id": "CVE-2016-4589", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4589", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:08", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4624", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2019-03-25T17:04:00", "cpe": [], "id": "CVE-2016-4624", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4624", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:09", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4622", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2019-03-25T17:04:00", "cpe": [], "id": "CVE-2016-4622", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4622", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:08", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4623", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4589", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624"], "modified": "2019-03-25T17:04:00", "cpe": [], "id": "CVE-2016-4623", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4623", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:07", "description": "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-2016-4616, and CVE-2016-4619.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4614", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2020-12-01T19:57:00", "cpe": [], "id": "CVE-2016-4614", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4614", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:09", "description": "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4615", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2019-03-25T16:52:00", "cpe": [], "id": "CVE-2016-4615", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4615", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:08", "description": "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4616", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4614", "CVE-2016-4615", "CVE-2016-4616", "CVE-2016-4619"], "modified": "2019-03-25T16:52:00", "cpe": [], "id": "CVE-2016-4616", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4616", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:05:54", "description": "The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-1863", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1863", "CVE-2016-4582", "CVE-2016-4653"], "modified": "2019-03-20T15:20:00", "cpe": [], "id": "CVE-2016-1863", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1863", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:06", "description": "The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4582", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1863", "CVE-2016-4582", "CVE-2016-4653"], "modified": "2019-03-25T17:34:00", "cpe": [], "id": "CVE-2016-4582", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4582", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:12", "description": "The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T03:00:00", "type": "cve", "title": "CVE-2016-4653", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1863", "CVE-2016-4582", "CVE-2016-4653"], "modified": "2019-03-25T16:53:00", "cpe": [], "id": "CVE-2016-4653", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4653", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2022-03-23T14:06:45", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4612", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2016-1683", "CVE-2016-4612"], "modified": "2017-06-08T01:29:00", "cpe": [], "id": "CVE-2016-4612", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4612", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-03-23T14:06:53", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8317. Reason: This candidate is a reservation duplicate of CVE-2015-8317. Notes: All CVE users should reference CVE-2015-8317 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4619", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2015-8317", "CVE-2016-4619"], "modified": "2017-06-08T01:29:00", "cpe": [], "id": "CVE-2016-4619", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4619", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:10", "description": "IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4628", "cwe": ["CWE-200", "CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4628"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/o:apple:iphone_os:9.3.2", "cpe:/o:apple:watchos:2.2.1"], "id": "CVE-2016-4628", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4628", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:watchos:2.2.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:09", "description": "IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4627", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4627"], "modified": "2019-03-19T18:59:00", "cpe": [], "id": "CVE-2016-4627", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4627", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:04", "description": "The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4593", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4593"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/o:apple:iphone_os:9.3.2"], "id": "CVE-2016-4593", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4593", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:09", "description": "IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4626", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4626"], "modified": "2019-03-25T16:52:00", "cpe": [], "id": "CVE-2016-4626", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4626", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:02", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4583", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4583"], "modified": "2019-03-20T14:24:00", "cpe": ["cpe:/a:apple:webkit:-"], "id": "CVE-2016-4583", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4583", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:16", "description": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4637", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4637"], "modified": "2019-03-25T16:53:00", "cpe": [], "id": "CVE-2016-4637", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4637", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:05", "description": "The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4594", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4594"], "modified": "2019-03-20T13:41:00", "cpe": [], "id": "CVE-2016-4594", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4594", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:05", "description": "Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4585", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4585"], "modified": "2019-03-18T19:44:00", "cpe": ["cpe:/a:apple:webkit:*"], "id": "CVE-2016-4585", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4585", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:03", "description": "The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4584", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4584"], "modified": "2019-03-25T17:35:00", "cpe": [], "id": "CVE-2016-4584", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4584", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:08", "description": "ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4631", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4631"], "modified": "2019-03-25T16:52:00", "cpe": [], "id": "CVE-2016-4631", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4631", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T02:45:25", "description": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", "cvss3": {}, "published": "2015-12-15T21:59:00", "type": "cve", "title": "CVE-2015-8317", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8317"], "modified": "2017-09-14T01:29:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:xmlsoft:libxml2:2.9.2", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/a:hp:icewall_federation_agent:3.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/a:hp:icewall_file_manager:3.0", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2015-8317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8317", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:12", "description": "In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-11T18:29:00", "type": "cve", "title": "CVE-2016-4642", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4642"], "modified": "2019-01-17T15:37:00", "cpe": [], "id": "CVE-2016-4642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4642", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:09", "description": "ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4632", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4632"], "modified": "2019-03-25T16:52:00", "cpe": [], "id": "CVE-2016-4632", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4632", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:12", "description": "Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a \"cross-protocol cross-site scripting (XPXSS)\" vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-07-22T03:00:00", "type": "cve", "title": "CVE-2016-4651", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4651"], "modified": "2018-10-09T20:00:00", "cpe": ["cpe:/o:apple:iphone_os:9.3.2", "cpe:/a:apple:safari:9.1.1"], "id": "CVE-2016-4651", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4651", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:9.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:05", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4591", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4591"], "modified": "2019-03-25T17:04:00", "cpe": ["cpe:/a:apple:webkit:*"], "id": "CVE-2016-4591", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4591", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:05", "description": "Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4604", "cwe": ["CWE-601"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4604"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:apple:safari:*"], "id": "CVE-2016-4604", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4604", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:09", "description": "FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4635", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4635"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/o:apple:iphone_os:9.3.2", "cpe:/o:apple:mac_os_x:10.11.5"], "id": "CVE-2016-4635", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4635", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.11.5:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:22:49", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.", "cvss3": {}, "published": "2017-05-11T14:30:00", "type": "cve", "title": "CVE-2016-7705", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2016-7705"], "modified": "2017-05-11T14:30:00", "cpe": [], "id": "CVE-2016-7705", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7705", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:03", "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4592", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4592"], "modified": "2019-03-20T14:10:00", "cpe": ["cpe:/a:apple:webkit:-"], "id": "CVE-2016-4592", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4592", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:07", "description": "Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4605", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4605"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/o:apple:iphone_os:9.3.2"], "id": "CVE-2016-4605", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4605", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:18:45", "description": "In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-11T18:29:00", "type": "cve", "title": "CVE-2016-7576", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7576"], "modified": "2019-01-17T14:40:00", "cpe": [], "id": "CVE-2016-7576", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7576", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-02-09T14:16:28", "description": "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-13T20:29:00", "type": "cve", "title": "CVE-2016-6559", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6559"], "modified": "2019-10-09T23:19:00", "cpe": ["cpe:/o:freebsd:freebsd:11.0", "cpe:/o:freebsd:freebsd:10.3", "cpe:/o:freebsd:freebsd:10.2", "cpe:/o:freebsd:freebsd:9.3", "cpe:/o:freebsd:freebsd:10.1"], "id": "CVE-2016-6559", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6559", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:05", "description": "Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4603", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4603"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/o:apple:iphone_os:9.3.2"], "id": "CVE-2016-4603", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4603", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:9.3.2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:04", "description": "WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-4590", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4590"], "modified": "2018-10-09T20:00:00", "cpe": ["cpe:/a:apple:safari:9.1.1", "cpe:/a:apple:webkit:*"], "id": "CVE-2016-4590", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4590", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:9.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:05:53", "description": "The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-07-22T02:59:00", "type": "cve", "title": "CVE-2016-1865", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1865"], "modified": "2019-03-20T15:17:00", "cpe": [], "id": "CVE-2016-1865", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1865", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": []}, {"lastseen": "2023-02-09T14:12:11", "description": "In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-11T18:29:00", "type": "cve", "title": "CVE-2016-4644", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4644"], "modified": "2019-01-17T17:55:00", "cpe": [], "id": "CVE-2016-4644", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4644", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-02-09T14:05:25", "description": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-06-05T23:59:00", "type": "cve", "title": "CVE-2016-1683", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1683"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:xmlsoft:libxslt:1.1.28", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:google:chrome:50.0.2661.102", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:suse:linux_enterprise:12.0", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2016-1683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1683", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:50.0.2661.102:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxslt:1.1.28:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-27T15:19:54", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: webkitgtk4-2.12.4-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4624"], "modified": "2016-08-27T15:19:54", "id": "FEDORA:6581060802E6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DMH2BISRAFHBODS7RDC5BDBEQZGPE3MU/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-01T18:54:33", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: webkitgtk4-2.12.4-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4624"], "modified": "2016-09-01T18:54:33", "id": "FEDORA:5D7E560600D0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/52FAWU4LC36EYVTVLITMFJEBN4VNN4TK/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-07-28T18:41:38", "description": "This C library allows to transform XML files into other XML files (or HTML, text, ...) using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >=3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT eng ine ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-06-18T18:15:35", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: mingw-libxslt-1.1.33-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1683", "CVE-2016-1684", "CVE-2016-1841", "CVE-2016-4607", "CVE-2016-4608", "CVE-2016-4609", "CVE-2016-4610", "CVE-2016-4738", "CVE-2019-11068"], "modified": "2019-06-18T18:15:35", "id": "FEDORA:A7F076CB1D2F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T13:01:05", "description": "- CVE-2016-4590 (same-origin policy bypass)\n\nxisigr of Tencent’s Xuanwu Lab discovered a vulnerability in the way\nwebkit handles URLs, which allows remote attackers to bypass the Same\nOrigin Policy via a crafted web site.\n\n- CVE-2016-4591 (arbitrary filesystem access)\n\nma.la of LINE Corporation discoveered a vulnerability in the way webkit\nhandles the location variable, which allows remote attackers to access\nthe local filesystem via unspecified vectors.\n\n- CVE-2016-4622 (arbitrary code execution)\n\nSamuel Gross working with Trend Micro’s Zero Day Initiative discovered a\nvulnerability that allows remote attackers to execute arbitrary code or\ncause a denial of service (memory corruption) via a crafted web site.\n\n- CVE-2016-4624 (arbitrary code execution)\n\nApple found a vulnerability that allows remote attackers to execute\narbitrary code or cause a denial of service (memory corruption) via a\ncrafted web site.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-01T00:00:00", "type": "archlinux", "title": "webkit2gtk: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4624", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4590"], "modified": "2016-09-01T00:00:00", "id": "ASA-201609-2", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2023-01-26T13:21:41", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * webkit2gtk \\- JavaScript engine library from WebKitGTK+ - GObject introspection\n\nA large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-09-14T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1854", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1858", "CVE-2016-1859", "CVE-2016-4583", "CVE-2016-4585", "CVE-2016-4586", "CVE-2016-4588", "CVE-2016-4589", "CVE-2016-4590", "CVE-2016-4591", "CVE-2016-4622", "CVE-2016-4623", "CVE-2016-4624", "CVE-2016-4651"], "modified": "2016-09-14T00:00:00", "id": "USN-3079-1", "href": "https://ubuntu.com/security/notices/USN-3079-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "slackware": [{"lastseen": "2023-02-13T02:13:55", "description": "New libxml2 packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/libxml2-2.9.4-i486-1_slack14.1.txz: Upgraded.\n This release fixes bugs and security issues:\n Heap-based buffer underreads due to xmlParseName (CVE-2016-4447).\n Format string vulnerability (CVE-2016-4448).\n Inappropriate fetch of entities content (CVE-2016-4449).\n For more information, see:\n http://xmlsoft.org/news.html\n https://vulners.com/cve/CVE-2016-4447\n https://vulners.com/cve/CVE-2016-4448\n https://vulners.com/cve/CVE-2016-4449\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.9.4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.9.4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libxml2-2.9.4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libxml2-2.9.4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.9.4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.9.4-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nc498433ae7d6077a9d5245877aa2c06e libxml2-2.9.4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc92258a87bb30a6cdce2b5428d640bd5 libxml2-2.9.4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n2b74b913a164a23ad2da10eebf923e46 libxml2-2.9.4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne2dee612c7de77822824e43a61414c2c libxml2-2.9.4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n98d1ede4a347a49f2ad972ac5339b9e6 l/libxml2-2.9.4-i586-1.txz\n\nSlackware x86_64 -current package:\nc2d5721aac77b74d7e47a2a8a372d47a l/libxml2-2.9.4-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libxml2-2.9.4-i486-1_slack14.1.txz", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-27T23:33:14", "type": "slackware", "title": "[slackware-security] libxml2", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2016-05-27T23:33:14", "id": "SSA-2016-148-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-21T01:48:40", "description": "## Summary\n\nA set of Libxml2 vulnerabilities were disclosed by the Libxml2 Project. Libxml2 is used by Rational Systems Tester. Rational Systems Tester has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2016-4448](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113523> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-4449](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113524> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nRational Systems Tester 3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5, 3.3.0.6, 3.3.0.7, 3.3.0.7 Interim Fix 1, 3.3.0.7 Interim Fix 2, 3.3.0.7 Interim Fix 3, 3.3.0.7 Interim Fix 4\n\n## Remediation/Fixes\n\nUpgrade to [Rational Systems Tester Interim Fix 5 for 3.3.0.7](<http://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Systems+Tester&release=3.3.0.7&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:14:21", "type": "ibm", "title": "Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-17T05:14:21", "id": "3033CEC46BF22E7E12BC3CCFAA8D29B6F551CF4E9D9382E3751615A2B8453073", "href": "https://www.ibm.com/support/pages/node/283873", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:50:25", "description": "## Summary\n\nOpen Source XMLsoft Libxml2 Vulnerabilities affects IBM Security Guardium. IBM Security Guardium has fixed these vulnerabilites \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2016-4448](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113523> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID:** [CVE-2016-4449](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113524> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Security Guardium V 10, 10.1\n\n## Remediation/Fixes\n\n \n| \n_VRMF_| \n_Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium.| \n_10x_| [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6021_SecurityUpdate&includeSupersedes=0&source=fc_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6021_SecurityUpdate&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:44:21", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4447 CVE-2016-4448 CVE-2016-4449)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T21:44:21", "id": "AC55B5CA914D3699B6FFB572364AB471AF9D451850945C25BB12A4641AA0A58C", "href": "https://www.ibm.com/support/pages/node/284267", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:53:36", "description": "## Summary\n\nA set of Libxml2 vulnerabilities were disclosed by the Libxml2 Project. Libxml2 is used by IBM Streams. IBM Streams has addressed the applicable CVEs. \n \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-4447_](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113522_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113522>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2016-4448_](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113523_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113523>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-4449_](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113524_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113524>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n\n\n## Affected Products and Versions\n\n * * IBM Streams Version 4.1.1.1 and earlier\n * IBM InfoSphere Streams Version 4.0.1.2 and earlier\n * IBM InfoSphere Streams Version 3.2.1.5 and earlier\n * IBM InfoSphere Streams Version 3.1.0.7 and earlier\n * IBM InfoSphere Streams Version 3.0.0.5 and earlier\n * IBM InfoSphere Streams Version 2.0.0.4 and earlier\n * IBM InfoSphere Streams Version 1.2.1.0 \n\n\n## Remediation/Fixes\n\nNOTE: Fix Packs are available on IBM Fix Central. \n\n\n * **Version 4.1.1:**\n * Apply [4.1.1 Fix Pack 2 (4.1.1.2) or higher.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>)\n * **Version 4.0.1:**\n * Apply [4.0.1 Fix Pack 3 (4.0.1.3) or higher.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>)\n * **Version 3.2.1:**\n * Apply [3.2.1 Fix Pack 6 (3.2.1.6) or higher.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=3.2.1.0&platform=All&function=all>)\n * **Version 3.1.0:**\n * Contact IBM Technical Support.\n * **Version 3.0.0:**\n * Contact IBM Technical Support.\n * **Versions 1.2 and 2.0:**\n * For version 1.x and 2.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin. \n \n\n\n## Workarounds and Mitigations\n\nNone \n\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T13:43:11", "type": "ibm", "title": "Security Bulletin: IBM Streams is affected by Libxml2 vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T13:43:11", "id": "FD0134E542D5A247E77129A86B361F41356357DC01CCAC79F41AF23EACDA7CF6", "href": "https://www.ibm.com/support/pages/node/552671", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:51:13", "description": "## Summary\n\nVulnerabilities have been identified in the libxml2 library, which is a development toolbox providing the implementation of various XML standards. \n \nIBM Security Access Manager for Web uses libxml2 and is affected by these vulnerabilities. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-4448](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113523> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [CVE-2016-4449](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113524> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-3627](<https://vulners.com/cve/CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-3705](<https://vulners.com/cve/CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web 7.0 appliances \n\nIBM Security Access Manager for Web 8.0, all firmware versions\n\nIBM Security Access Manager 9.0, all firmware versions\n\n## Remediation/Fixes\n\nIBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 (appliance)| IV80986| Apply Interim Fix 26: \n[7.0.0-ISS-WGA-IF0026](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web| 8.0.0.0 - \n8.0.1.4| IV89324| 1\\. For versions prior to 8.0.1.4, upgrade to 8.0.1.4:[](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \n[_8.0.1-ISS-WGA-FP0004_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \n2\\. Apply 8.0.1.4 Interim Fix 2: \n[_8.0.1.4-ISS-WGA-IF0003_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \nIBM Security Access Manager| 9.0 - \n9.0.1.0| IV89330| 1\\. For versions prior to 9.0.1.0, upgrade to 9.0.1.0: \n[IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML) ](<http://www-01.ibm.com/software/passportadvantage/pacustomers.html>) \n2\\. Apply 9.0.1.0 Interim Fix 5: \n[_9.0.1.0-ISS-ISAM-IF0005_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:46:39", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Web is affected by security vulnerabilities in libxml2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T21:46:39", "id": "E5020E25CC0D31B3DD625C72F6EB591C437E68772CFDB40BEECC3F7C69328CB0", "href": "https://www.ibm.com/support/pages/node/552319", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:56:28", "description": "## Summary\n\nIBM DataPower Gateways has addressed vulnerabilities in processing certain XML files that could cause a denial of service or obtain sensitive information. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-4448_](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** `libxml2` could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted HTML file that contains malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113523_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113523>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-4449_](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** `libxml2` could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113524_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113524>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3627_](<https://vulners.com/cve/CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the `xmlStringGetNodeList()` function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-3705_](<https://vulners.com/cve/CVE-2016-3705>)** \nDESCRIPTION:** `libxml2` is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds `read of xmlParserEntityCheck()` and `xmlParseAttValueComplex()` functions in `parser.c`. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4447_](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** `libxml2` is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113522_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113522>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM DataPower Gateways versions 7.2.0.0 to 7.2.0.8, 7.5.0.0 to 7.5.0.2, and 7.5.1.0 to 7.5.1.1.\n\n## Remediation/Fixes\n\nFix is available in versions 7.2.0.9, 7.5.0.3, and 7.5.1.2. Refer to [APAR IT16307](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT16307>) for URLs to download the fix. \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n\n_For DataPower customers using versions 6.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product. _\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:06:13", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-15T07:06:13", "id": "2406147E7F1A480D16DAF974D9B99C2725C43B01A994C65A6210C059B36B3A7F", "href": "https://www.ibm.com/support/pages/node/551163", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:51:15", "description": "## Summary\n\nVulnerabilities have been identified in the libxml2 library, which is a development toolbox providing the implementation of various XML standards. \n \nIBM Security Access Manager for Mobile uses libxml2 and is affected by these vulnerabilities. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-4448](<https://vulners.com/cve/CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113523> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [CVE-2016-4449](<https://vulners.com/cve/CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113524> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-3627](<https://vulners.com/cve/CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-3705](<https://vulners.com/cve/CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Mobile 8.0, all firmware versions \n\nIBM Security Access Manager 9.0, all firmware versions\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Mobile| 8.0.0.0 - \n8.0.1.4| IV89294 | 1\\. For releases prior to 8.0.1.4, upgrade to 8.0.1.4: \n[8.0.1-ISS-ISAM-FP0004](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \n2\\. Apply 8.0.1.4 Interim Fix 3: \n[8.0.1.4-ISS-ISAM-IF0003](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \nIBM Security Access Manager| 9.0 - \n9.0.1.0| IV89330| 1\\. For 9.0 environments, upgrade to 9.0.1.0: \n[IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML) ](<http://www-01.ibm.com/software/passportadvantage/pacustomers.html>) \n2\\. Apply 9.0.1.0 Interim Fix 5: \n[_9.0.1.0-ISS-ISAM-IF0005_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:46:39", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Mobile is affected by security vulnerabilities in libxml2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T21:46:39", "id": "D5DA548187DF2EFE03F7040FF05BC360041CF8C1CFAF6CD126E5A8B7D72A93AC", "href": "https://www.ibm.com/support/pages/node/552317", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:51:55", "description": "## Summary\n\nx and BladeCenter systems have addressed the following vulnerabilities in libxml2.\n\n## Vulnerability Details\n\n## Summary\n\nIBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems have addressed the following vulnerabilities in libxml2.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-8806](<https://vulners.com/cve/CVE-2015-8806>)\n\n**Description:** libxml2 is vulnerable to a denial of service, caused by a heap-buffer overread in dict.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/110613> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVE-ID:** [CVE-2016-3705](<https://vulners.com/cve/CVE-2016-3705>)\n\n**Description:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\n\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/112885> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVE-ID:** [CVE-2016-4447](<https://vulners.com/cve/CVE-2016-4447>)\n\n**Description:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/113522> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVE-ID:** [CVE-2016-4448](<https://vulners.com/cve/CVE-2016-4448>)\n\n**Description:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.\n\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/113523> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS
Apple iOS < 9.3.3 Multiple Vulnerabilities
