ID F5_BIGIP_SOL16712298.NASL Type nessus Reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-03-09T00:00:00
Description
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. (CVE-2016-1834)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K16712298.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
# Registration branch: when the engine runs the plugin with `description`
# set, only the metadata below is recorded and the script exits before any
# check logic is reached.
if (description)
{
script_id(95938);
script_version("3.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");
script_cve_id("CVE-2016-1834");
script_name(english:"F5 Networks BIG-IP : libxml2 vulnerability (K16712298)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
# The description is the generic CVE text (it names Apple products); the
# BIG-IP specifics are in the F5 article referenced under see_also.
script_set_attribute(
attribute:"description",
value:
"Heap-based buffer overflow in the xmlStrncat function in libxml2
before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5,
tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers
to execute arbitrary code or cause a denial of service (memory
corruption) via a crafted XML document. (CVE-2016-1834)"
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K16712298"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K16712298."
);
# Scoring: the CVSS v2 vector is network-reachable (AV:N) while the CVSS v3
# vector is local with user interaction (AV:L/UI:R). Both are for the CVE in
# general, not for BIG-IP.
# NOTE(review): F5 article K16712298 rates the BIG-IP modules "Low"; the
# finding is nevertheless raised through security_hole() further down, so
# triage should weigh the vendor rating alongside these scores.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type: the code in this file only reads knowledge-base items
# and never contacts the target itself.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE tags for the products this plugin is associated with.
# NOTE(review): global_traffic_manager, webaccelerator and
# protocol_security_manager are tagged here, but the version matrix later in
# this file has no GTM, WAM or PSM entry -- confirm the mismatch is intended.
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
# Timeline: CVE published 2016/05/20, F5 fix 2016/12/19, plugin 2016/12/20.
script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/20");
script_set_attribute(attribute:"patch_publication_date", value:"2016/12/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/20");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
# The BIG-IP detection plugin is declared as a dependency, and the four KB
# keys below are declared as required; the check body reads the same keys
# again before using them.
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
# Nothing below this point runs during registration.
exit(0);
}
include("f5_func.inc");
# Preconditions: every knowledge-base entry the check depends on must be
# present; each failure ends the run through audit() with its own reason, so
# a missing input is reported as such rather than as "not vulnerable".
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Kept in `version` because the not-vulnerable audit message reuses it.
version = get_kb_item("Host/BIG-IP/version");
if (!version)
{
  audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
}

# The hotfix entry is tested with isnull() rather than for truthiness, so a
# value that is present but empty or zero is accepted.
if (isnull(get_kb_item("Host/BIG-IP/hotfix")))
{
  audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
}

if (!get_kb_item("Host/BIG-IP/modules"))
{
  audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
}
# F5 article id handed to bigip_is_affected() together with the matrix.
sol = "K16712298";
# Version matrix: one entry per BIG-IP module key, each holding the release
# ranges listed as vulnerable ("affected", written low-high or as a single
# release) and the release listed as not vulnerable ("unaffected").
# How the ranges are compared is decided inside f5_func.inc, not shown here.
#
# NOTE(review): the K16712298 table also lists BIG-IP GTM (11.4.0-11.6.1,
# 11.2.1, 10.2.1-10.2.4), PSM (11.4.0-11.4.1, 10.2.1-10.2.4), WebAccelerator
# and Edge Gateway (11.2.1, 10.2.1-10.2.4) as vulnerable with no fixed
# release, plus BIG-IP DNS and WebSafe as fixed in 12.1.2. None of them has
# an entry below, so a device provisioned only with those modules is
# presumably audited as "not running any of the affected modules" -- confirm
# against f5_func.inc and verify such devices by hand.
vmatrix = make_array();
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1");
vmatrix["AFM"]["unaffected"] = make_list("12.1.2");
# AM (presumably the module the advisory calls BIG-IP AAM -- the ranges match)
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1");
vmatrix["AM"]["unaffected"] = make_list("12.1.2");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("12.1.2");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("12.1.2");
# AVR (ranges match the advisory's "BIG-IP Analytics" row)
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1");
vmatrix["AVR"]["unaffected"] = make_list("12.1.2");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("12.1.2");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("12.1.2");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("12.0.0-12.1.1","11.4.0-11.6.1");
vmatrix["PEM"]["unaffected"] = make_list("12.1.2");
# Verdict: hand the matrix to the shared F5 helper, then either raise the
# finding or audit out with the reason the host was not flagged.
if (!bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  tested = bigip_get_tested_modules();
  if (!tested)
  {
    # The helper reported no tested modules; this is not the same statement
    # as "patched".
    audit(AUDIT_HOST_NOT, "running any of the affected modules");
  }
  else
  {
    # At least one module was compared and the installed version is not
    # considered vulnerable for it.
    audit_extra = "For BIG-IP module(s) " + tested + ",";
    audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  }
}
else
{
  # Reported on port 0; the helper's report text is attached only when
  # report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:bigip_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
{"id": "F5_BIGIP_SOL16712298.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "F5 Networks BIG-IP : libxml2 vulnerability (K16712298)", "description": "Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. (CVE-2016-1834)", "published": "2016-12-20T00:00:00", "modified": "2020-03-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/95938", "reporter": "This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834", "https://support.f5.com/csp/article/K16712298"], "cvelist": ["CVE-2016-1834"], "immutableFields": [], "lastseen": "2021-08-19T12:38:29", "viewCount": 36, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-719"]}, {"type": "apple", "idList": ["APPLE:004B37C869B56A0F993458CA68A5A5C1", "APPLE:3299E9EFA9B676AE490ABAACC350C359", "APPLE:888E607C6699469D7890D958FC8D36F7", "APPLE:D2896F9EF4E86DBA2ADA7F8FB613BAEF", "APPLE:HT206564", "APPLE:HT206566", "APPLE:HT206567", "APPLE:HT206568"]}, {"type": "archlinux", "idList": ["ASA-201605-27"]}, {"type": "centos", "idList": ["CESA-2016:1292"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:DCC31D4961650B41BAF732BB0B28B011"]}, {"type": "cve", "idList": ["CVE-2016-1834"]}, {"type": "debian", "idList": ["DEBIAN:DLA-503-1:11947", "DEBIAN:DLA-503-1:6F8B6", "DEBIAN:DSA-3593-1:95A95", "DEBIAN:DSA-3593-1:F14D3"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-1834"]}, {"type": "f5", "idList": ["F5:K16712298"]}, {"type": "fedora", "idList": 
["FEDORA:09EA7605EEEE", "FEDORA:D1EB860677B7"]}, {"type": "freebsd", "idList": ["E195679D-045B-4953-BB33-BE0073BA2AC6"]}, {"type": "ibm", "idList": ["200EB5D05FDD22F6EA7DB38F81D5DFDB97686B3E63B80F435FD2CC4BE274FC98", "4E0F3F37822FD6C37F3F06A94F967EABE3AAC2F9D4382E4932DAA8EA6754AFF7", "6253D6195173C24D2F250E5EBA9E1FFC8DBDFC9645E89016FCD04E6F2D9EBEB3", "C9A098A495C84449FE37F5185D9511BAF41B34B7A322B48105FF2EE7EC21E28E"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2016-1834/", "MSF:ILITIES/REDHAT_LINUX-CVE-2016-1834/"]}, {"type": "nessus", "idList": ["802004.PRM", "9332.PRM", "9337.PRM", "9392.PRM", "ALA_ALAS-2016-719.NASL", "APPLETV_9_2_1.NASL", "APPLE_IOS_932_CHECK.NBIN", "CENTOS_RHSA-2016-1292.NASL", "DEBIAN_DLA-503.NASL", "DEBIAN_DSA-3593.NASL", "FEDORA_2017-A3A47973EB.NASL", "FEDORA_2017-BE8574D593.NASL", "FREEBSD_PKG_E195679D045B4953BB33BE0073BA2AC6.NASL", "LCE_4_8_1.NASL", "MACOSX_10_11_5.NASL", "MACOSX_SECUPD2016-003.NASL", "OPENSUSE-2016-733.NASL", "OPENSUSE-2016-734.NASL", "ORACLELINUX_ELSA-2016-1292.NASL", "ORACLEVM_OVMSA-2016-0087.NASL", "REDHAT-RHSA-2016-1292.NASL", "SL_20160623_LIBXML2_ON_SL6_X.NASL", "SUSE_SU-2016-1538-1.NASL", "SUSE_SU-2016-1604-1.NASL", "UBUNTU_USN-2994-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106510", "OPENVAS:1361412562310120708", "OPENVAS:1361412562310703593", "OPENVAS:1361412562310806695", "OPENVAS:1361412562310810209", "OPENVAS:1361412562310842783", "OPENVAS:1361412562310851331", "OPENVAS:1361412562310851340", "OPENVAS:1361412562310851341", "OPENVAS:1361412562310871634", "OPENVAS:1361412562310872590", "OPENVAS:1361412562310872591", "OPENVAS:1361412562310882513", "OPENVAS:1361412562310882515", "OPENVAS:703593"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1292"]}, {"type": "redhat", "idList": ["RHSA-2016:1292", "RHSA-2016:2957"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-1834"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1594-1", "OPENSUSE-SU-2016:1595-1", 
"SUSE-SU-2016:1538-1", "SUSE-SU-2016:1604-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1"]}, {"type": "symantec", "idList": ["SMNTC-1377"]}, {"type": "ubuntu", "idList": ["USN-2994-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-1834"]}]}, "score": {"value": 7.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "apple", "idList": ["APPLE:HT206568"]}, {"type": "centos", "idList": ["CESA-2016:1292"]}, {"type": "cve", "idList": ["CVE-2016-1834"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3593-1:95A95"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-1834"]}, {"type": "f5", "idList": ["F5:K16712298"]}, {"type": "fedora", "idList": ["FEDORA:D1EB860677B7"]}, {"type": "freebsd", "idList": ["E195679D-045B-4953-BB33-BE0073BA2AC6"]}, {"type": "ibm", "idList": ["4E0F3F37822FD6C37F3F06A94F967EABE3AAC2F9D4382E4932DAA8EA6754AFF7"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2016-1834/"]}, {"type": "nessus", "idList": ["APPLETV_9_2_1.NASL", "MACOSX_SECUPD2016-003.NASL", "REDHAT-RHSA-2016-1292.NASL", "SUSE_SU-2016-1538-1.NASL", "SUSE_SU-2016-1604-1.NASL", "UBUNTU_USN-2994-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872590"]}, {"type": "redhat", "idList": ["RHSA-2016:1292"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1604-1"]}, {"type": "symantec", "idList": ["SMNTC-1377"]}]}, "exploitation": null, "vulnersScore": 7.8}, "pluginID": "95938", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16712298.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95938);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2016-1834\");\n\n script_name(english:\"F5 Networks BIG-IP : libxml2 vulnerability (K16712298)\");\n script_summary(english:\"Checks 
the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Heap-based buffer overflow in the xmlStrncat function in libxml2\nbefore 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5,\ntvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers\nto execute arbitrary code or cause a denial of service (memory\ncorruption) via a crafted XML document. (CVE-2016-1834)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16712298\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16712298.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16712298\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" 
+ tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "naslFamily": "F5 Networks Local Security Checks", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "solution": "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K16712298.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2016-12-19T00:00:00", "vulnerabilityPublicationDate": "2016-05-20T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"metasploit": [{"lastseen": "2021-09-03T13:45:16", "description": "\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Red Hat: CVE-2016-1834: Important: libxml2 security update (RHSA-2016:1292)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1834"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/REDHAT_LINUX-CVE-2016-1834/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-03T13:14:19", "description": "\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "CentOS: (CVE-2016-1834) CESA-2016:1292: libxml2", 
"bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1834"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/CENTOS_LINUX-CVE-2016-1834/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:54:11", "description": "Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-05-20T10:59:00", "type": "cve", "title": "CVE-2016-1834", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1834"], "modified": "2019-03-25T17:24:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:mcafee:web_gateway:7.6.2.3", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.2", "cpe:/a:mcafee:web_gateway:7.5.2.10", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4"], "id": "CVE-2016-1834", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1834", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:mcafee:web_gateway:7.6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mcafee:web_gateway:7.5.2.10:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2017-06-08T00:16:05", "description": "\nF5 Product Development has assigned ID 601059 (BIG-IP) and INSTALLER-2826 (Traffix SDC) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16712298 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| libxml2 (XML Content Based Routing, iRules XML commands, External Application Verification (EAV) monitors that parses XML, iApps application programming language (APL) scripts) \nBIG-IP AAM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Low| libxml2 (Image Optimization, XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP AFM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Low| libxml2 (SSH plugin, XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP Analytics| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| 12.1.2| Low| libxml2 (XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP APM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| libxml2 (XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP ASM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| libxml2 (XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP DNS| 12.0.0 - 12.1.1| 12.1.2| Low| libxml2 (XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP Edge Gateway| 11.2.1 \n10.2.1 - 10.2.4| None| Low| libxml2 (XML Content 
Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Low| libxml2 (XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP Link Controller| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| libxml2 (XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP PEM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Low| libxml2 (XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP PSM| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| None| Low| libxml2 (XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP WebAccelerator| 11.2.1 \n10.2.1 - 10.2.4| None| Low| libxml2 (Image Optimization, XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nBIG-IP WebSafe| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 12.1.2| Low \n\n| libxml2 (XML Content Based Routing, iRules XML commands, EAV monitors that parses XML, iApps APL scripts) \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0 \n| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Low| libxml2\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this 
vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-20T04:30:00", "type": "f5", "title": "libxml2 vulnerability CVE-2016-1834", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1834"], "modified": "2017-04-04T21:40:00", "id": "F5:K16712298", "href": 
"https://support.f5.com/csp/article/K16712298", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:46:51", "description": "Heap-based buffer overflow in the xmlStrncat function in libxml2 before\n2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before\n9.2.1, and watchOS before 2.2.1, allows remote attackers to execute\narbitrary code or cause a denial of service (memory corruption) via a\ncrafted XML document.\n\n#### Bugs\n\n * <https://bugzilla.gnome.org/show_bug.cgi?id=763071>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1834", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1834"], "modified": "2016-05-20T00:00:00", "id": "UB:CVE-2016-1834", "href": "https://ubuntu.com/security/CVE-2016-1834", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2021-07-29T04:47:46", "description": "Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in 
Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-18T14:19:32", "type": "redhatcve", "title": "CVE-2016-1834", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1834"], "modified": "2020-08-18T13:51:14", "id": "RH:CVE-2016-1834", "href": "https://access.redhat.com/security/cve/cve-2016-1834", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-05-10T18:55:41", "description": "Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": 
"UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-05-20T10:59:00", "type": "debiancve", "title": "CVE-2016-1834", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1834"], "modified": "2016-05-20T10:59:00", "id": "DEBIANCVE:CVE-2016-1834", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1834", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:41:16", "description": "This update brings libxml2 to version 2.9.4.\n\nThese security issues were fixed :\n\n - CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in recovery mode, allowed context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document (bsc#972335).\n\n - CVE-2016-1833: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981108).\n\n - CVE-2016-1835: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document 
(bsc#981109).\n\n - CVE-2016-1837: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981111).\n\n - CVE-2016-1836: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981110).\n\n - CVE-2016-1839: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840 (bsc#981114).\n\n - CVE-2016-1838: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840 (bsc#981112).\n\n - CVE-2016-1840: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839 (bsc#981115).\n\n - CVE-2016-4483: out-of-bounds read parsing an XML using recover mode (bnc#978395).\n\n - CVE-2016-1834: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2016-1833, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840 (bsc#981041).\n\n - CVE-2016-3705: The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 did not 
properly keep track of the recursion depth, which allowed context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references (bsc#975947).\n\n - CVE-2016-1762: libxml2 allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document (bsc#981040).\n\nThis non-security issue was fixed :\n\n - bnc#983288: Fix attribute decoding during XML schema validation", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxml2 (openSUSE-2016-734)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxml2-2", "p-cpe:/a:novell:opensuse:libxml2-2-32bit", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-tools", "p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2", "p-cpe:/a:novell:opensuse:python-libxml2-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2-debugsource", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-734.NASL", "href": "https://www.tenable.com/plugins/nessus/91640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-734.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91640);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4483\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-2016-734)\");\n script_summary(english:\"Check for the openSUSE-2016-734 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings libxml2 to version 2.9.4.\n\nThese security issues were fixed :\n\n - CVE-2016-3627: The xmlStringGetNodeList function in\n tree.c, when used in recovery mode, allowed\n context-dependent attackers to cause a denial of service\n (infinite recursion, stack consumption, and application\n crash) via a crafted XML document (bsc#972335).\n\n - CVE-2016-1833: libxml2 allowed remote attackers to\n execute arbitrary code or cause a denial of service\n (memory corruption) via a crafted XML document, a\n different vulnerability than CVE-2016-1834,\n CVE-2016-1836, CVE-2016-1837, CVE-2016-1838,\n CVE-2016-1839, and CVE-2016-1840 (bsc#981108).\n\n - CVE-2016-1835: libxml2 allowed remote attackers to\n execute arbitrary code or cause a denial of service\n (memory corruption) via a crafted XML document\n (bsc#981109).\n\n - CVE-2016-1837: libxml2 allowed remote attackers to\n execute arbitrary code or cause a denial of service\n (memory corruption) via a crafted XML document, a\n different vulnerability than CVE-2016-1833,\n CVE-2016-1834, CVE-2016-1836, CVE-2016-1838,\n CVE-2016-1839, and CVE-2016-1840 (bsc#981111).\n\n - CVE-2016-1836: libxml2 allowed 
remote attackers to\n execute arbitrary code or cause a denial of service\n (memory corruption) via a crafted XML document, a\n different vulnerability than CVE-2016-1833,\n CVE-2016-1834, CVE-2016-1837, CVE-2016-1838,\n CVE-2016-1839, and CVE-2016-1840 (bsc#981110).\n\n - CVE-2016-1839: libxml2 allowed remote attackers to\n execute arbitrary code or cause a denial of service\n (memory corruption) via a crafted XML document, a\n different vulnerability than CVE-2016-1833,\n CVE-2016-1834, CVE-2016-1836, CVE-2016-1837,\n CVE-2016-1838, and CVE-2016-1840 (bsc#981114).\n\n - CVE-2016-1838: libxml2 allowed remote attackers to\n execute arbitrary code or cause a denial of service\n (memory corruption) via a crafted XML document, a\n different vulnerability than CVE-2016-1833,\n CVE-2016-1834, CVE-2016-1836, CVE-2016-1837,\n CVE-2016-1839, and CVE-2016-1840 (bsc#981112).\n\n - CVE-2016-1840: libxml2 allowed remote attackers to\n execute arbitrary code or cause a denial of service\n (memory corruption) via a crafted XML document, a\n different vulnerability than CVE-2016-1833,\n CVE-2016-1834, CVE-2016-1836, CVE-2016-1837,\n CVE-2016-1838, and CVE-2016-1839 (bsc#981115).\n\n - CVE-2016-4483: out-of-bounds read parsing an XML using\n recover mode (bnc#978395).\n\n - CVE-2016-1834: libxml2 allowed remote attackers to\n execute arbitrary code or cause a denial of service\n (memory corruption) via a crafted XML document, a\n different vulnerability than CVE-2016-1833,\n CVE-2016-1836, CVE-2016-1837, CVE-2016-1838,\n CVE-2016-1839, and CVE-2016-1840 (bsc#981041).\n\n - CVE-2016-3705: The (1) xmlParserEntityCheck and (2)\n xmlParseAttValueComplex functions in parser.c in libxml2\n did not properly keep track of the recursion depth,\n which allowed context-dependent attackers to cause a\n denial of service (stack consumption and application\n crash) via a crafted XML document containing a large\n number of nested entity references (bsc#975947).\n\n - CVE-2016-1762: libxml2 
allowed remote attackers to\n execute arbitrary code or cause a denial of service\n (memory corruption) via a crafted XML document\n (bsc#981040).\n\nThis non-security issue was fixed :\n\n - bnc#983288: Fix attribute decoding during XML schema\n validation\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983288\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libxml2-2-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libxml2-2-debuginfo-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libxml2-debugsource-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libxml2-devel-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libxml2-tools-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libxml2-tools-debuginfo-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-libxml2-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"python-libxml2-debuginfo-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-libxml2-debugsource-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-7.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.4-7.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T13:55:49", "description": "The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-003. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - AMD\n - Captive Network Assistant\n - libxml2\n - libxslt\n - OpenGL\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-19T00:00:00", "type": "nessus", "title": "Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1791", "CVE-2016-1800", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1841", "CVE-2016-1847"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2016-003.NASL", "href": "https://www.tenable.com/plugins/nessus/91229", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91229);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-1791\",\n \"CVE-2016-1800\",\n \"CVE-2016-1833\",\n \"CVE-2016-1834\",\n \"CVE-2016-1835\",\n \"CVE-2016-1836\",\n \"CVE-2016-1837\",\n \"CVE-2016-1838\",\n \"CVE-2016-1839\",\n \"CVE-2016-1840\",\n \"CVE-2016-1841\",\n \"CVE-2016-1847\"\n );\n script_bugtraq_id(90696);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-05-16-4\");\n\n script_name(english:\"Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-003)\");\n script_summary(english:\"Checks for the presence of Security Update 2016-003.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.9.5 or\n10.10.5 and is missing Security Update 2016-003. 
It is, therefore,\naffected by multiple vulnerabilities in the following components :\n\n - AMD\n - Captive Network Assistant\n - libxml2\n - libxslt\n - OpenGL\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206567\");\n # http://lists.apple.com/archives/security-announce/2016/May/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46de3fda\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2016-003 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1834\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = \"2016-003\";\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\"))\n audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.(9|10)\\.5([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.9.5 or Mac OS X 10.10.5\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += 
'\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:40:28", "description": "Daniel Veillard reports :\n\nMore format string warnings with possible format string vulnerability (David Kilzer)\n\nAvoid building recursive entities (Daniel Veillard)\n\nHeap-based buffer overread in htmlCurrentChar (Pranjal Jumde)\n\nHeap-based buffer-underreads due to xmlParseName (David Kilzer)\n\nHeap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde)\n\nHeap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral (Pranjal Jumde)\n\nFix some format string warnings with possible format string vulnerability (David Kilzer)\n\nDetect change of encoding when parsing HTML names (Hugh Davenport)\n\nFix inappropriate fetch of entities content (Daniel Veillard)\n\nBug 759398: Heap use-after-free in xmlDictComputeFastKey (Pranjal Jumde)\n\nBug 758605: Heap-based buffer overread in xmlDictAddString (Pranjal Jumde)\n\nBug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal (David Kilzer)\n\nBug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup (Pranjal Jumde)\n\nAdd missing increments of recursion depth counter to XML parser.\n(Peter Simons)\n\nFix NULL pointer deref in XPointer range-to", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libxml2", "cpe:/o:freebsd:freebsd"], "id": 
"FREEBSD_PKG_E195679D045B4953BB33BE0073BA2AC6.NASL", "href": "https://www.tenable.com/plugins/nessus/93145", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93145);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n\n script_name(english:\"FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Daniel Veillard reports :\n\nMore format string warnings with possible format string vulnerability\n(David Kilzer)\n\nAvoid building recursive entities (Daniel Veillard)\n\nHeap-based buffer overread in htmlCurrentChar (Pranjal Jumde)\n\nHeap-based buffer-underreads due to xmlParseName (David Kilzer)\n\nHeap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde)\n\nHeap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral\n(Pranjal Jumde)\n\nFix some format string warnings with possible format string\nvulnerability (David Kilzer)\n\nDetect change of encoding when parsing 
HTML names (Hugh Davenport)\n\nFix inappropriate fetch of entities content (Daniel Veillard)\n\nBug 759398: Heap use-after-free in xmlDictComputeFastKey (Pranjal\nJumde)\n\nBug 758605: Heap-based buffer overread in xmlDictAddString (Pranjal\nJumde)\n\nBug 758588: Heap-based buffer overread in\nxmlParserPrintFileContextInternal (David Kilzer)\n\nBug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup (Pranjal\nJumde)\n\nAdd missing increments of recursion depth counter to XML parser.\n(Peter Simons)\n\nFix NULL pointer deref in XPointer range-to\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mail.gnome.org/archives/xml/2016-May/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=759398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=758605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=758588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=757711\"\n );\n # https://git.gnome.org/browse/libxml2/patch/?id=d8083bf77955b7879c1290f0c0a24ab8cc70f7fb\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96b5bf04\"\n );\n # https://vuxml.freebsd.org/freebsd/e195679d-045b-4953-bb33-be0073ba2ac6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ec29647\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxml2<2.9.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:10", "description": "From Red Hat Security Advisory 2016:1292 :\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. 
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : libxml2 (ELSA-2016-1292)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libxml2", "p-cpe:/a:oracle:linux:libxml2-devel", "p-cpe:/a:oracle:linux:libxml2-python", "p-cpe:/a:oracle:linux:libxml2-static", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-1292.NASL", "href": "https://www.tenable.com/plugins/nessus/91797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:1292 and \n# Oracle Linux Security Advisory ELSA-2016-1292 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91797);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_xref(name:\"RHSA\", value:\"2016:1292\");\n\n script_name(english:\"Oracle Linux 6 / 7 : libxml2 (ELSA-2016-1292)\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:1292 :\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages\ninto the Red Hat Enterprise Linux 6 Desktop channels. The packages\nincluded in this revised update have not been changed in any way from\nthe packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when\nprocessed by an application using libxml2, could cause that\napplication to crash. 
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,\nCVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,\nCVE-2016-4449)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-June/006135.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-June/006139.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-2.7.6-21.0.1.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-devel-2.7.6-21.0.1.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-python-2.7.6-21.0.1.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-static-2.7.6-21.0.1.el6_8.1\", el_string:\"el6_8\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-6.0.1.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-6.0.1.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.0.1.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-6.0.1.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python / libxml2-static\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T01:23:29", "description": "A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. 
A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2016-1834 , CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762 , CVE-2016-1833 , CVE-2016-1835 , CVE-2016-1836 , CVE-2016-1837 , CVE-2016-1838 , CVE-2016-1839 , CVE-2016-3627 , CVE-2016-3705 , CVE-2016-4447 , CVE-2016-4448 , CVE-2016-4449)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : libxml2 (ALAS-2016-719)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libxml2", "p-cpe:/a:amazon:linux:libxml2-debuginfo", "p-cpe:/a:amazon:linux:libxml2-devel", "p-cpe:/a:amazon:linux:libxml2-python26", "p-cpe:/a:amazon:linux:libxml2-python27", "p-cpe:/a:amazon:linux:libxml2-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-719.NASL", "href": "https://www.tenable.com/plugins/nessus/92221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-719.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92221);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", 
\"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_xref(name:\"ALAS\", value:\"2016-719\");\n\n script_name(english:\"Amazon Linux AMI : libxml2 (ALAS-2016-719)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2016-1834 , CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when\nprocessed by an application using libxml2, could cause that\napplication to crash. 
(CVE-2016-1762 , CVE-2016-1833 , CVE-2016-1835 ,\nCVE-2016-1836 , CVE-2016-1837 , CVE-2016-1838 , CVE-2016-1839 ,\nCVE-2016-3627 , CVE-2016-3705 , CVE-2016-4447 , CVE-2016-4448 ,\nCVE-2016-4449)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-719.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libxml2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-debuginfo-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-devel-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-python26-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-python27-2.9.1-6.3.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-static-2.9.1-6.3.49.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python26 / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:13", "description": "Security 
Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libxml2 on SL6.x, SL7.x i386/x86_64 (20160623)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libxml2", "p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libxml2-devel", "p-cpe:/a:fermilab:scientific_linux:libxml2-python", "p-cpe:/a:fermilab:scientific_linux:libxml2-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160623_LIBXML2_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91808);\n 
script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL6.x, SL7.x i386/x86_64 (20160623)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when\nprocessed by an application using libxml2, could cause that\napplication to crash. 
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,\nCVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,\nCVE-2016-4449)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=6600\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f06629c4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-debuginfo-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-devel-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-python-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libxml2-static-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-08-19T12:41:16", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Update doc/redhat.gif in tarball\n\n - Add libxml2-oracle-enterprise.patch and update logos in tarball\n\n - Heap-based buffer overread in xmlNextChar (CVE-2016-1762)\n\n - Bug 763071: Heap-buffer-overflow in xmlStrncat (CVE-2016-1834)\n\n - Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840)\n\n - Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal (CVE-2016-1838)\n\n - Bug 758605: Heap-based buffer overread in xmlDictAddString (CVE-2016-1839)\n\n - Bug 759398: Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836)\n\n - Fix inappropriate fetch of entities content (CVE-2016-4449)\n\n - Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837)\n\n - Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)\n\n - Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)\n\n - Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)\n\n - Add missing increments of recursion depth counter to XML parser. 
(CVE-2016-3705)\n\n - Avoid building recursive entities (CVE-2016-3627)\n\n - Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)\n\n - More format string warnings with possible format string vulnerability (CVE-2016-4448)\n\n - Fix large parse of file from memory (rhbz#862969)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : libxml2 (OVMSA-2016-0087)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:libxml2", "p-cpe:/a:oracle:vm:libxml2-python", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0087.NASL", "href": "https://www.tenable.com/plugins/nessus/91800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0087.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91800);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : libxml2 (OVMSA-2016-0087)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote 
OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Update doc/redhat.gif in tarball\n\n - Add libxml2-oracle-enterprise.patch and update logos in\n tarball\n\n - Heap-based buffer overread in xmlNextChar\n (CVE-2016-1762)\n\n - Bug 763071: Heap-buffer-overflow in xmlStrncat\n (CVE-2016-1834)\n\n - Bug 757711: Heap-buffer-overflow in\n xmlFAParsePosCharGroup (CVE-2016-1840)\n\n - Bug 758588: Heap-based buffer overread in\n xmlParserPrintFileContextInternal (CVE-2016-1838)\n\n - Bug 758605: Heap-based buffer overread in\n xmlDictAddString (CVE-2016-1839)\n\n - Bug 759398: Heap use-after-free in xmlDictComputeFastKey\n (CVE-2016-1836)\n\n - Fix inappropriate fetch of entities content\n (CVE-2016-4449)\n\n - Heap use-after-free in htmlParsePubidLiteral and\n htmlParseSystemiteral (CVE-2016-1837)\n\n - Heap use-after-free in xmlSAX2AttributeNs\n (CVE-2016-1835)\n\n - Heap-based buffer-underreads due to xmlParseName\n (CVE-2016-4447)\n\n - Heap-based buffer overread in htmlCurrentChar\n (CVE-2016-1833)\n\n - Add missing increments of recursion depth counter to XML\n parser. 
(CVE-2016-3705)\n\n - Avoid building recursive entities (CVE-2016-3627)\n\n - Fix some format string warnings with possible format\n string vulnerability (CVE-2016-4448)\n\n - More format string warnings with possible format string\n vulnerability (CVE-2016-4448)\n\n - Fix large parse of file from memory (rhbz#862969)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=757711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=758588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=758605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=759398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000502.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000501.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 / libxml2-python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"libxml2-2.7.6-21.0.1.el6_8.1\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"libxml2-python-2.7.6-21.0.1.el6_8.1\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"libxml2-2.7.6-21.0.1.el6_8.1\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"libxml2-python-2.7.6-21.0.1.el6_8.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-python\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:29", "description": "An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. 
The packages included in this revised update have not been changed in any way from the packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : libxml2 (CESA-2016:1292)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libxml2", "p-cpe:/a:centos:centos:libxml2-devel", "p-cpe:/a:centos:centos:libxml2-python", "p-cpe:/a:centos:centos:libxml2-static", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-1292.NASL", "href": "https://www.tenable.com/plugins/nessus/91786", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were 
\n# extracted from Red Hat Security Advisory RHSA-2016:1292 and \n# CentOS Errata and Security Advisory 2016:1292 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91786);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_xref(name:\"RHSA\", value:\"2016:1292\");\n\n script_name(english:\"CentOS 6 / 7 : libxml2 (CESA-2016:1292)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libxml2 is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages\ninto the Red Hat Enterprise Linux 6 Desktop channels. The packages\nincluded in this revised update have not been changed in any way from\nthe packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. 
A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when\nprocessed by an application using libxml2, could cause that\napplication to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,\nCVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,\nCVE-2016-4449)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-June/021917.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?363b0705\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-June/021929.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af9d923d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4448\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"libxml2-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libxml2-devel-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libxml2-python-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libxml2-static-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python / libxml2-static\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:26", "description": "An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of 
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. 
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : libxml2 (RHSA-2016:1292)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2020-04-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libxml2", "p-cpe:/a:redhat:enterprise_linux:libxml2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libxml2-devel", "p-cpe:/a:redhat:enterprise_linux:libxml2-python", "p-cpe:/a:redhat:enterprise_linux:libxml2-static", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-1292.NASL", "href": "https://www.tenable.com/plugins/nessus/91802", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1292. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91802);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/08\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_xref(name:\"RHSA\", value:\"2016:1292\");\n\n script_name(english:\"RHEL 6 / 7 : libxml2 (RHSA-2016:1292)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libxml2 is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 18 July 2016] This advisory has been updated to push packages\ninto the Red Hat Enterprise Linux 6 Desktop channels. The packages\nincluded in this revised update have not been changed in any way from\nthe packages included in the original advisory.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nSecurity Fix(es) :\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. 
A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary\ncode with the permissions of the user running the application.\n(CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when\nprocessed by an application using libxml2, could cause that\napplication to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,\nCVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,\nCVE-2016-4449)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3627\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4449\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1292\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libxml2-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libxml2-debuginfo-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libxml2-devel-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libxml2-python-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libxml2-python-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libxml2-python-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libxml2-static-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libxml2-static-2.7.6-21.el6_8.1\", el_string:\"el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libxml2-static-2.7.6-21.el6_8.1\", 
el_string:\"el6_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"libxml2-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libxml2-debuginfo-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libxml2-devel-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libxml2-python-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libxml2-static-2.9.1-6.el7_2.3\", el_string:\"el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:40:39", "description": "This update for libxml2 fixes the following security issues :\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].\n\n - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395].\n\n - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040].\n\n - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].\n\n - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108].\n\n - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109].\n\n - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral 
[bsc#981111].\n\n - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112].\n\n - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115].\n\n - CVE-2016-4447: Fixed heap-based buffer underreads due to xmlParseName [bsc#981548].\n\n - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549].\n\n - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550].\n\n - CVE-2016-3705: Fixed missing increment of recursion counter.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-doc", "p-cpe:/a:novell:suse_linux:libxml2-python", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1604-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1604-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93154);\n 
script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n\n script_name(english:\"SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following security issues :\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A\n Heap-buffer overread was fixed in libxml2/dict.c\n [bsc#963963, bsc#965283, bsc#981114].\n\n - CVE-2016-4483: Code was added to avoid an out of bound\n access when serializing malformed strings [bsc#978395].\n\n - CVE-2016-1762: Fixed a heap-based buffer overread in\n xmlNextChar [bsc#981040].\n\n - CVE-2016-1834: Fixed a heap-buffer-overflow in\n xmlStrncat [bsc#981041].\n\n - CVE-2016-1833: Fixed a heap-based buffer overread in\n htmlCurrentChar [bsc#981108].\n\n - CVE-2016-1835: Fixed a heap use-after-free in\n xmlSAX2AttributeNs [bsc#981109].\n\n - CVE-2016-1837: Fixed a heap use-after-free in\n htmlParsePubidLiteral and htmlParseSystemiteral\n [bsc#981111].\n\n - CVE-2016-1838: Fixed a heap-based buffer overread in\n xmlParserPrintFileContextInternal [bsc#981112].\n\n - CVE-2016-1840: Fixed a heap-buffer-overflow in\n xmlFAParsePosCharGroup [bsc#981115].\n\n - CVE-2016-4447: Fixed a heap-based buffer-underreads due\n to xmlParseName [bsc#981548].\n\n - CVE-2016-4448: Fixed some format string warnings with\n possible format string vulnerability [bsc#981549],\n\n - CVE-2016-4449: 
Fixed inappropriate fetch of entities\n content [bsc#981550].\n\n - CVE-2016-3705: Fixed missing increment of recursion\n counter.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=981550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1762/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1833/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1834/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1835/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1837/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1838/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2073/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3705/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4447/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4448/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4449/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4483/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161604-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?408e371e\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5 :\n\nzypper in -t patch sleclo50sp3-libxml2-12616=1\n\nSUSE Manager Proxy 2.1 :\n\nzypper in -t patch slemap21-libxml2-12616=1\n\nSUSE Manager 2.1 :\n\nzypper in -t patch sleman21-libxml2-12616=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-libxml2-12616=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-libxml2-12616=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS :\n\nzypper in -t patch slessp3-libxml2-12616=1\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-libxml2-12616=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-libxml2-12616=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-libxml2-12616=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2 :\n\nzypper in -t patch dbgsp2-libxml2-12616=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2/3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libxml2-32bit-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-doc-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-python-2.7.6-0.44.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libxml2-32bit-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libxml2-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libxml2-doc-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libxml2-python-2.7.6-0.44.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libxml2-32bit-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libxml2-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libxml2-doc-2.7.6-0.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libxml2-python-2.7.6-0.44.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-08-19T12:41:10", "description": "This update for libxml2 fixes the following security issues :\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].\n\n - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395].\n\n - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040].\n\n - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].\n\n - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108].\n\n - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109].\n\n - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111].\n\n - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112].\n\n - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115].\n\n - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548].\n\n - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549],\n\n - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550].\n\n - CVE-2016-3705: Fixed missing increment of recursion counter.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-17T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:1538-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2", "p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1538-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1538-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91656);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", 
\"CVE-2016-4449\", \"CVE-2016-4483\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:1538-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following security issues :\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A\n Heap-buffer overread was fixed in libxml2/dict.c\n [bsc#963963, bsc#965283, bsc#981114].\n\n - CVE-2016-4483: Code was added to avoid an out of bound\n access when serializing malformed strings [bsc#978395].\n\n - CVE-2016-1762: Fixed a heap-based buffer overread in\n xmlNextChar [bsc#981040].\n\n - CVE-2016-1834: Fixed a heap-buffer-overflow in\n xmlStrncat [bsc#981041].\n\n - CVE-2016-1833: Fixed a heap-based buffer overread in\n htmlCurrentChar [bsc#981108].\n\n - CVE-2016-1835: Fixed a heap use-after-free in\n xmlSAX2AttributeNs [bsc#981109].\n\n - CVE-2016-1837: Fixed a heap use-after-free in\n htmlParsePubidLiteral and htmlParseSystemiteral\n [bsc#981111].\n\n - CVE-2016-1838: Fixed a heap-based buffer overread in\n xmlParserPrintFileContextInternal [bsc#981112].\n\n - CVE-2016-1840: Fixed a heap-buffer-overflow in\n xmlFAParsePosCharGroup [bsc#981115].\n\n - CVE-2016-4447: Fixed a heap-based buffer-underreads due\n to xmlParseName [bsc#981548].\n\n - CVE-2016-4448: Fixed some format string warnings with\n possible format string vulnerability [bsc#981549],\n\n - CVE-2016-4449: Fixed inappropriate fetch of entities\n content [bsc#981550].\n\n - CVE-2016-3705: Fixed missing increment of recursion\n counter.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1762/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1833/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1834/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1835/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1837/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1838/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2073/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3705/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4447/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4448/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4449/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4483/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161538-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4955850f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-915=1\n\nSUSE Linux 
Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-915=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-915=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-915=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-915=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-915=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-2-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-2-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-debugsource-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-tools-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-tools-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-libxml2-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-libxml2-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-libxml2-debugsource-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-2-32bit-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libxml2-2-debuginfo-32bit-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-2-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-2-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-debugsource-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-tools-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-tools-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-libxml2-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-libxml2-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-libxml2-debugsource-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-2-32bit-2.9.1-24.1\")) 
flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libxml2-2-debuginfo-32bit-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", 
cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.1-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.1-24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:40", "description": "Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial of service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.8.0+dfsg1-7+wheezy6.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-06T00:00:00", "type": "nessus", "title": "Debian DLA-503-1 : libxml2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "p-cpe:/a:debian:debian_linux:libxml2-dbg", "p-cpe:/a:debian:debian_linux:libxml2-dev", "p-cpe:/a:debian:debian_linux:libxml2-doc", "p-cpe:/a:debian:debian_linux:libxml2-utils", "p-cpe:/a:debian:debian_linux:libxml2-utils-dbg", "p-cpe:/a:debian:debian_linux:python-libxml2", "p-cpe:/a:debian:debian_linux:python-libxml2-dbg", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-503.NASL", "href": "https://www.tenable.com/plugins/nessus/91472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-503-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91472);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n\n script_name(english:\"Debian DLA-503-1 : libxml2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libxml2, a library\nproviding support to read, modify and write XML and HTML files. A\nremote attacker could provide a specially crafted XML or HTML file\nthat, when processed by an application using libxml2, would cause a\ndenial of service against the application, or potentially the\nexecution of arbitrary code with the privileges of the user running\nthe application.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy6.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/06/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libxml2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2016/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxml2\", reference:\"2.8.0+dfsg1-7+wheezy6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dev\", reference:\"2.8.0+dfsg1-7+wheezy6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-doc\", reference:\"2.8.0+dfsg1-7+wheezy6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils\", reference:\"2.8.0+dfsg1-7+wheezy6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.8.0+dfsg1-7+wheezy6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2\", reference:\"2.8.0+dfsg1-7+wheezy6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-08-19T12:41:14", "description": "This update for libxml2 fixes the following security issues :\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].\n\n - CVE-2016-4483: Code was added to avoid an out-of-bounds access when serializing malformed strings [bsc#978395].\n\n - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040].\n\n - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].\n\n - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108].\n\n - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109].\n\n - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral [bsc#981111].\n\n - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112].\n\n - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115].\n\n - CVE-2016-4447: Fixed a heap-based buffer underread due to xmlParseName [bsc#981548].\n\n - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549].\n\n - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550].\n\n - CVE-2016-3705: Fixed missing increment of recursion counter.\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxml2 (openSUSE-2016-733)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2021-01-19T00:00:00", "cpe": 
["p-cpe:/a:novell:opensuse:libxml2-2", "p-cpe:/a:novell:opensuse:libxml2-2-32bit", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-tools", "p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2", "p-cpe:/a:novell:opensuse:python-libxml2-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2-debugsource", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-733.NASL", "href": "https://www.tenable.com/plugins/nessus/91639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-733.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91639);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-2016-733)\");\n script_summary(english:\"Check for the openSUSE-2016-733 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following security issues :\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A\n Heap-buffer overread was fixed in libxml2/dict.c\n 
[bsc#963963, bsc#965283, bsc#981114].\n\n - CVE-2016-4483: Code was added to avoid an out of bound\n access when serializing malformed strings [bsc#978395].\n\n - CVE-2016-1762: Fixed a heap-based buffer overread in\n xmlNextChar [bsc#981040].\n\n - CVE-2016-1834: Fixed a heap-buffer-overflow in\n xmlStrncat [bsc#981041].\n\n - CVE-2016-1833: Fixed a heap-based buffer overread in\n htmlCurrentChar [bsc#981108].\n\n - CVE-2016-1835: Fixed a heap use-after-free in\n xmlSAX2AttributeNs [bsc#981109].\n\n - CVE-2016-1837: Fixed a heap use-after-free in\n htmlParsePubidLiteral and htmlParseSystemiteral\n [bsc#981111].\n\n - CVE-2016-1838: Fixed a heap-based buffer overread in\n xmlParserPrintFileContextInternal [bsc#981112].\n\n - CVE-2016-1840: Fixed a heap-buffer-overflow in\n xmlFAParsePosCharGroup [bsc#981115].\n\n - CVE-2016-4447: Fixed a heap-based buffer-underreads due\n to xmlParseName [bsc#981548].\n\n - CVE-2016-4448: Fixed some format string warnings with\n possible format string vulnerability [bsc#981549],\n\n - CVE-2016-4449: Fixed inappropriate fetch of entities\n content [bsc#981550].\n\n - CVE-2016-3705: Fixed missing increment of recursion\n counter.\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=965283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981108\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981550\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libxml2-2-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libxml2-2-debuginfo-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libxml2-debugsource-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libxml2-devel-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libxml2-tools-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libxml2-tools-debuginfo-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python-libxml2-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python-libxml2-debuginfo-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python-libxml2-debugsource-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.1-19.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.1-19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:16", "description": "Update to latest upstream release, includes several security related fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-20T00:00:00", "type": "nessus", "title": "Fedora 24 : libxml2 (2017-be8574d593)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4658", "CVE-2016-5131", "CVE-2016-9318", "CVE-2017-5969"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-BE8574D593.NASL", "href": "https://www.tenable.com/plugins/nessus/99492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-be8574d593.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99492);\n script_version(\"3.5\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2016-9318\", \"CVE-2017-5969\");\n script_xref(name:\"FEDORA\", value:\"2017-be8574d593\");\n\n script_name(english:\"Fedora 24 : libxml2 (2017-be8574d593)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream release, includes several security related\nfixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-be8574d593\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"libxml2-2.9.4-2.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:48", "description": "Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-03T00:00:00", "type": "nessus", "title": "Debian DSA-3593-1 : libxml2 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3593.NASL", "href": 
"https://www.tenable.com/plugins/nessus/91447", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3593. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91447);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n script_xref(name:\"DSA\", value:\"3593\");\n\n script_name(english:\"Debian DSA-3593-1 : libxml2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libxml2, a library\nproviding support to read, modify and write XML and HTML files. 
A\nremote attacker could provide a specially crafted XML or HTML file\nthat, when processed by an application using libxml2, would cause a\ndenial-of-service against the application, or potentially the\nexecution of arbitrary code with the privileges of the user running\nthe application.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3593\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxml2 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 2.9.1+dfsg1-5+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxml2\", reference:\"2.9.1+dfsg1-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dev\", reference:\"2.9.1+dfsg1-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-doc\", reference:\"2.9.1+dfsg1-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils\", reference:\"2.9.1+dfsg1-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.9.1+dfsg1-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2\", reference:\"2.9.1+dfsg1-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:45", "description": "It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)\n\nIt was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-1762, CVE-2016-1834)\n\nMateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1835, CVE-2016-1837)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. 
(CVE-2016-1836)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1840)\n\nIt was discovered that libxml2 would load certain XML external entities. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. (CVE-2016-4449)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2016-4483).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-07T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libxml2 vulnerabilities (USN-2994-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxml2", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-2994-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/91499", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2994-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91499);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n script_xref(name:\"USN\", value:\"2994-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libxml2 vulnerabilities (USN-2994-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libxml2 incorrectly handled certain malformed\ndocuments. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly cause libxml2\nto crash, resulting in a denial of service. (CVE-2015-8806,\nCVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)\n\nIt was discovered that libxml2 incorrectly handled certain malformed\ndocuments. 
If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could cause libxml2 to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-1762, CVE-2016-1834)\n\nMateusz Jurczyk discovered that libxml2 incorrectly handled certain\nmalformed documents. If a user or automated system were tricked into\nopening a specially crafted document, an attacker could cause libxml2\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled\ncertain malformed documents. If a user or automated system were\ntricked into opening a specially crafted document, an attacker could\ncause libxml2 to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2016-1835, CVE-2016-1837)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled\ncertain malformed documents. If a user or automated system were\ntricked into opening a specially crafted document, an attacker could\ncause libxml2 to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 14.04 LTS,\nUbuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain\nmalformed documents. If a user or automated system were tricked into\nopening a specially crafted document, an attacker could cause libxml2\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-1840)\n\nIt was discovered that libxml2 would load certain XML external\nentities. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly obtain access\nto arbitrary files or cause resource consumption. (CVE-2016-4449)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain\nmalformed documents. 
If a user or automated system were tricked into\nopening a specially crafted document, an attacker could possibly cause\nlibxml2 to crash, resulting in a denial of service. (CVE-2016-4483).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2994-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libxml2\", pkgver:\"2.7.8.dfsg-5.1ubuntu4.15\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libxml2\", pkgver:\"2.9.1+dfsg1-3ubuntu4.8\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libxml2\", pkgver:\"2.9.2+zdfsg1-4ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libxml2\", pkgver:\"2.9.3+dfsg1-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:22", 
"description": "Update to latest upstream release, includes several security related fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-20T00:00:00", "type": "nessus", "title": "Fedora 25 : libxml2 (2017-a3a47973eb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4658", "CVE-2016-5131", "CVE-2016-9318", "CVE-2017-5969"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-A3A47973EB.NASL", "href": "https://www.tenable.com/plugins/nessus/99491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-a3a47973eb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99491);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2016-9318\", \"CVE-2017-5969\");\n script_xref(name:\"FEDORA\", value:\"2017-a3a47973eb\");\n\n script_name(english:\"Fedora 25 : libxml2 (2017-a3a47973eb)\");\n script_summary(english:\"Checks rpm 
output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream release, includes several security related\nfixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3a47973eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"libxml2-2.9.4-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:38:49", "description": "The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 4.8.1. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple cross-site scripting (XSS) vulnerabilities exist in the Handlebars library in the lib/handlebars/utils.js script due to a failure to properly escape input passed as unquoted attributes to templates. 
An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2015-8861, CVE-2015-8862)\n\n - A heap-based buffer overflow condition exists in the Perl-Compatible Regular Expressions (PCRE) component that is triggered when processing nested back references in a duplicate named group. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1283)\n\n - An out-of-bounds read error exists in the libxml2 component in parserInternals.c due to improper parsing of characters in an XML file. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition.\n (CVE-2016-1833)\n\n - An overflow condition exists in the libxml2 component in xmlstring.c due to improper validation of user-supplied input when handling a string with NULL. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1834)\n\n - Multiple use-after-free errors exist in the libxml2 component in parser.c that are triggered when parsing complex names. An unauthenticated, remote attacker can exploit these issues, via a specially crafted file, to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1835, CVE-2016-1836)\n\n - Multiple heap-based buffer overflow conditions exist in the libxml2 component in HTMLparser.c and xmlregexp.c due to improper validation of user-supplied input when parsing characters in a range. An unauthenticated, remote attacker can exploit these issues, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1837, CVE-2016-1839, CVE-2016-1840)\n\n - Multiple out-of-bounds read errors exist in the libxml2 component in parser.c. 
An unauthenticated, remote attacker can exploit these issues to disclose sensitive information or cause a denial of service condition.\n (CVE-2016-1838, CVE-2016-4447)\n\n - A heap buffer overflow condition exists in the OpenSSL component in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the OpenSSL component in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - A remote code execution vulnerability exists in the OpenSSL component in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer.\n An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. 
(CVE-2016-2109)\n\n - An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.\n (CVE-2016-2176)\n\n - An overflow condition exists in the Perl-Compatible Regular Expressions (PCRE) component due to improper validation of user-supplied input when handling the (*ACCEPT) verb. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-3191)\n\n - A flaw exists in the libxml2 component in parser.c that occurs when handling XML content in recovery mode. An unauthenticated, remote attacker can exploit this to cause a stack exhaustion, resulting in a denial of service condition. (CVE-2016-3627)\n\n - A flaw exists in the libxml2 component in parser.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a stack exhaustion, resulting in a denial of service condition. (CVE-2016-3705)\n\n - A format string flaw exists in the libxml2 component due to improper use of string format specifiers (e.g. %s and %x). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4448)\n\n - An XML external entity injection vulnerability exists in parser.c due to improper parsing of XML data. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to disclose arbitrary files or cause a denial of service condition. (CVE-2016-4449)\n\n - An out-of-bounds read error exists in the libxml2 component in xmlsave.c that occurs when handling XML content in recovery mode. 
An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition.\n (CVE-2016-4483)\n\n - A security bypass vulnerability exists in the libcurl component due to the program attempting to resume TLS sessions even if the client certificate fails. An unauthenticated, remote attacker can exploit this to bypass validation mechanisms. (CVE-2016-5419)\n\n - An information disclosure vulnerability exists in the libcurl component due to the program reusing TLS connections with different client certificates. An unauthenticated, remote attacker can exploit this to disclose sensitive cross-realm information.\n (CVE-2016-5420)\n\n - A use-after-free error exists in the libcurl component that is triggered as connection pointers are not properly cleared for easy handles. An unauthenticated, remote attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2016-5421)\n\n - Multiple stored cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. 
(CVE-2016-9261)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-22T00:00:00", "type": "nessus", "title": "Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8861", "CVE-2015-8862", "CVE-2016-1283", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-3191", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-9261"], "modified": "2021-10-25T00:00:00", "cpe": ["cpe:/a:tenable:log_correlation_engine"], "id": "LCE_4_8_1.NASL", "href": "https://www.tenable.com/plugins/nessus/97893", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97893);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/25\");\n\n script_cve_id(\n \"CVE-2015-8861\",\n \"CVE-2015-8862\",\n \"CVE-2016-1283\",\n \"CVE-2016-1833\",\n \"CVE-2016-1834\",\n \"CVE-2016-1835\",\n \"CVE-2016-1836\",\n \"CVE-2016-1837\",\n \"CVE-2016-1838\",\n \"CVE-2016-1839\",\n \"CVE-2016-1840\",\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2108\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\",\n \"CVE-2016-3191\",\n \"CVE-2016-3627\",\n \"CVE-2016-3705\",\n \"CVE-2016-4447\",\n \"CVE-2016-4448\",\n \"CVE-2016-4449\",\n \"CVE-2016-4483\",\n \"CVE-2016-5419\",\n \"CVE-2016-5420\",\n \"CVE-2016-5421\",\n \"CVE-2016-9261\"\n );\n script_bugtraq_id(\n 79825,\n 84810,\n 84992,\n 87940,\n 89744,\n 89746,\n 89752,\n 89757,\n 89760,\n 89854,\n 90013,\n 90856,\n 90864,\n 90865,\n 92292,\n 92306,\n 92309,\n 96434,\n 96436\n );\n 
script_xref(name:\"EDB-ID\", value:\"39491\");\n script_xref(name:\"EDB-ID\", value:\"39492\");\n script_xref(name:\"EDB-ID\", value:\"39493\");\n script_xref(name:\"EDB-ID\", value:\"39494\");\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities\");\n script_summary(english:\"Performs a version check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A data aggregation application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tenable Log Correlation Engine (LCE) installed on the\nremote host is prior to 4.8.1. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Multiple cross-site scripting (XSS) vulnerabilities\n exist in the Handlebars library in the\n lib/handlebars/utils.js script due to a failure to\n properly escape input passed as unquoted attributes to\n templates. An unauthenticated, remote attacker can\n exploit these vulnerabilities, via a specially crafted\n request, to execute arbitrary script code in a user's\n browser session. (CVE-2015-8861, CVE-2015-8862)\n\n - A heap-based buffer overflow condition exists in the\n Perl-Compatible Regular Expressions (PCRE) component\n that is triggered when processing nested back references\n in a duplicate named group. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-1283)\n\n - An out-of-bounds read error exists in the libxml2\n component in parserInternals.c due to improper parsing\n of characters in an XML file. 
An unauthenticated, remote\n attacker can exploit this to disclose sensitive\n information or cause a denial of service condition.\n (CVE-2016-1833)\n\n - An overflow condition exists in the libxml2 component in\n xmlstring.c due to improper validation of user-supplied\n input when handling a string with NULL. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted file, to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-1834)\n\n - Multiple use-after-free errors exist in the libxml2\n component in parser.c that is triggered when parsing\n complex names. An unauthenticated, remote attacker can\n exploit these issues, via a specially crafted file, to\n dereference already freed memory and potentially execute\n arbitrary code. (CVE-2016-1835, CVE-2016-1836)\n\n - Multiple heap-based buffer overflow conditions exist in\n the libxml2 component in HTMLparser.c and xmlregexp.c\n due to improper validation of user-supplied input when\n parsing characters in a range. An unauthenticated,\n remote attacker can exploit these issues, via a\n specially crafted file, to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-1837, CVE-2016-1839, CVE-2016-1840)\n\n - Multiple out-of-bounds read errors exist in the libxml2\n component in parser.c. An unauthenticated, remote\n attacker can exploit these issues to disclose sensitive\n information or cause a denial of service condition.\n (CVE-2016-1838, CVE-2016-4447)\n\n - A heap buffer overflow condition exists in the OpenSSL\n component in the EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling a\n large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. 
(CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the OpenSSL\n component in the EVP_EncryptUpdate() function within\n file crypto/evp/evp_enc.c that is triggered when\n handling a large amount of input data after a previous\n call occurs to the same function with a partial block.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Flaws exist in the aesni_cbc_hmac_sha1_cipher()\n function in file crypto/evp/e_aes_cbc_hmac_sha1.c and\n the aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - A remote code execution vulnerability exists in the\n OpenSSL component in the ASN.1 encoder due to an\n underflow condition that occurs when attempting to\n encode the value zero represented as a negative integer.\n An unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code. (CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the\n X509_NAME_oneline() function within file\n crypto/x509/x509_obj.c when handling very long ASN1\n strings. 
An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\n\n - An overflow condition exists in the Perl-Compatible\n Regular Expressions (PCRE) component due to improper\n validation of user-supplied input when handling the\n (*ACCEPT) verb. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2016-3191)\n\n - A flaw exists in the libxml2 component in parser.c that\n occurs when handling XML content in recovery mode. An\n unauthenticated, remote attacker can exploit this to\n cause a stack exhaustion, resulting in a denial of\n service condition. (CVE-2016-3627)\n\n - A flaw exists in the libxml2 component in parser.c due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a stack exhaustion, resulting in a denial of\n service condition. (CVE-2016-3705)\n\n - A format string flaw exists in the libxml2 component due\n to improper use of string format specifiers (e.g. %s and\n %x). An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2016-4448)\n\n - An XML external entity injection vulnerability exists in\n parser.c due to improper parsing of XML data. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted XML data, to disclose arbitrary files\n or cause a denial of service condition. (CVE-2016-4449)\n\n - An out-of-bounds read error exists in the libxml2\n component in xmlsave.c that occurs when handling XML\n content in recovery mode. An unauthenticated, remote\n attacker can exploit this to disclose sensitive\n information or cause a denial of service condition.\n (CVE-2016-4483)\n\n - A security bypass vulnerability exists in the libcurl\n component due to the program attempting to resume TLS\n sessions even if the client certificate fails. 
An\n unauthenticated, remote attacker can exploit this to\n bypass validation mechanisms. (CVE-2016-5419)\n\n - An information disclosure vulnerability exists in the\n libcurl component due to the program reusing TLS\n connections with different client certificates. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive cross-realm information.\n (CVE-2016-5420)\n\n - A use-after-free error exists in the libcurl component\n that is triggered as connection pointers are not\n properly cleared for easy handles. An unauthenticated,\n remote attacker can exploit this to dereference already\n freed memory, potentially resulting in the execution of\n arbitrary code. (CVE-2016-5421)\n\n - Multiple stored cross-site scripting (XSS)\n \tvulnerabilities exist due to improper validation of\n \tuser-supplied input. An authenticated, remote attacker\n \tcan exploit these, via a specially crafted request, to\n \texecute arbitrary script code in a user's browsers\n \tsession. (CVE-2016-9261)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2016-18\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable LCE version 4.8.1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2016/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:log_correlation_engine\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"lce_installed.nbin\");\n script_require_keys(\"installed_sw/Log Correlation Engine Server\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Log Correlation Engine Server\";\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nfixed_version = '4.8.1';\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n xss:TRUE,\n extra:\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:36", "description": "Versions of Apple TV earlier than 9.2.1 are unpatched for vulnerabilities in the following components :\n\n - CFNetwork Proxies\n - CommonCrypto\n - CoreCapture\n - Disk Images\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libc\n - libxml2\n - libxslt\n - OpenGL\n - WebKit\n - WebKit Canvas\n ", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-27T00:00:00", "type": "nessus", "title": "Apple TV < 9.2.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1854", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1858", "CVE-2016-1859", "CVE-2016-1841", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1813", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1832", "CVE-2016-1847", "CVE-2016-1801", "CVE-2016-1814", "CVE-2016-1855"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:apple_tv:*:*:*:*:*:*:*:*"], "id": "9337.PRM", "href": "https://www.tenable.com/plugins/nnm/9337", "sourceData": "Binary data 9337.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T01:26:13", "description": "According to its banner, the version of the remote Apple TV device is prior to 9.2.1. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - CFNetwork Proxies\n - CommonCrypto\n - CoreCapture\n - Disk Images\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libc\n - libxml2\n - libxslt\n - OpenGL\n - WebKit\n - WebKit Canvas\n\nNote that only 4th generation models are affected by the vulnerabilities.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-24T00:00:00", "type": "nessus", "title": "Apple TV < 9.2.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1801", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1813", "CVE-2016-1814", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1832", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", 
"CVE-2016-1840", "CVE-2016-1841", "CVE-2016-1847", "CVE-2016-1854", "CVE-2016-1855", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1858", "CVE-2016-1859", "CVE-2016-4650"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_9_2_1.NASL", "href": "https://www.tenable.com/plugins/nessus/91311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91311);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-1801\",\n \"CVE-2016-1802\",\n \"CVE-2016-1803\",\n \"CVE-2016-1807\",\n \"CVE-2016-1808\",\n \"CVE-2016-1811\",\n \"CVE-2016-1813\",\n \"CVE-2016-1814\",\n \"CVE-2016-1817\",\n \"CVE-2016-1818\",\n \"CVE-2016-1819\",\n \"CVE-2016-1823\",\n \"CVE-2016-1824\",\n \"CVE-2016-1827\",\n \"CVE-2016-1828\",\n \"CVE-2016-1829\",\n \"CVE-2016-1830\",\n \"CVE-2016-1832\",\n \"CVE-2016-1833\",\n \"CVE-2016-1834\",\n \"CVE-2016-1836\",\n \"CVE-2016-1837\",\n \"CVE-2016-1838\",\n \"CVE-2016-1839\",\n \"CVE-2016-1840\",\n \"CVE-2016-1841\",\n \"CVE-2016-1847\",\n \"CVE-2016-1854\",\n \"CVE-2016-1855\",\n \"CVE-2016-1856\",\n \"CVE-2016-1857\",\n \"CVE-2016-1858\",\n \"CVE-2016-1859\",\n \"CVE-2016-4650\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-05-16-1\");\n\n script_name(english:\"Apple TV < 9.2.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of the remote Apple TV device is\nprior to 9.2.1. 
It is, therefore, affected by multiple vulnerabilities\nin the following components :\n\n - CFNetwork Proxies\n - CommonCrypto\n - CoreCapture\n - Disk Images\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libc\n - libxml2\n - libxslt\n - OpenGL\n - WebKit\n - WebKit Canvas\n\nNote that only 4th generation models are affected by the\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206564\");\n # https://lists.apple.com/archives/security-announce/2016/May/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?618f77f3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 9.2.1 or later. Note that this update is\nonly available for 4th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4650\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\nfixed_build = \"13Y772\";\ntvos_ver = '9.2.1';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : 4,\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:36", "description": "The remote host is running a version of iOS that is prior to version 9.3.2 and the following components contain vulnerabilities :\n\n - Accessibility\n - CFNetwork Proxies\n - CommonCrypto\n - CoreCapture\n - Disk Images\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libc\n - libxml2\n - libxslt\n - MapKit\n - OpenGL\n - Safari\n - Siri\n - WebKit\n - WebKit Canvas", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-26T00:00:00", "type": "nessus", "title": "Apple iOS < 9.3.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1854", "CVE-2016-1856", 
"CVE-2016-1857", "CVE-2016-1858", "CVE-2016-1859", "CVE-2016-1841", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1813", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1832", "CVE-2016-1842", "CVE-2016-1847", "CVE-2016-1801", "CVE-2016-1814", "CVE-2016-1855", "CVE-2016-1790", "CVE-2016-1831", "CVE-2016-1849", "CVE-2016-1852"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "9332.PRM", "href": "https://www.tenable.com/plugins/nnm/9332", "sourceData": "Binary data 9332.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:57:02", "description": "The mobile device is running a version of iOS prior to 9.3.2. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Accessibility\n - CFNetwork Proxies\n - CommonCrypto\n - CoreCapture\n - Disk Images\n - ImageIO\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - libc\n - libxml2\n - libxslt\n - MapKit\n - OpenGL\n - Safari\n - Siri\n - WebKit\n - WebKit Canvas", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-18T00:00:00", "type": "nessus", "title": "Apple iOS < 9.3.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1790", "CVE-2016-1801", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1813", "CVE-2016-1814", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1831", "CVE-2016-1832", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1841", "CVE-2016-1842", "CVE-2016-1847", 
"CVE-2016-1849", "CVE-2016-1852", "CVE-2016-1854", "CVE-2016-1855", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1858", "CVE-2016-1859"], "modified": "2022-02-14T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_932_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/91225", "sourceData": "Binary data apple_ios_932_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:40:13", "description": "\nThe specific version of Mac OS X that the system is running is reportedly affected by the following vulnerabilities:\n\n- Apple Mac OS X contains a use-after-free error in the WindowServer process that is triggered when handling CFData objects in memory. This may allow a local attacker to dereference already freed memory and gain elevated privileges. (CVE-2016-1804)\n\n- Apple Mac OS X contains an array indexing flaw in the blit3d_submit_commands() function within the IOAcceleratorFamily component. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1815)\n\n- Multiple Apple products contains a flaw as HTTP and HTTPS requests are not properly handled. This may allow an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) to disclose transmitted data. (CVE-2016-1801)\n\n- Multiple Apple products contain a flaw that is triggered when handling return values related to key lengths in CommonCrypto (CCCrypt). This may allow a local attacker to gain unauthorized access to sensitive user information. (CVE-2016-1802)\n\n- Multiple Apple products contain a NULL pointer dereference flaw in CoreCapture that is triggered as input is not properly validated. This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1803)\n\n- Multiple Apple products contain a flaw related to disk images that is triggered by a race condition related to locking. 
This may allow a local attacker to gain unauthorized access to kernel memory information. (CVE-2016-1807)\n\n- Multiple Apple products contain a flaw that is triggered as user-supplied input is not properly validated when handling disk images. This may allow a local attacker to corrupt memory to cause a denial of service or potentially execute arbitrary code. (CVE-2016-1808)\n\n- Multiple Apple products contain a NULL pointer dereference flaw in ImageIO that is triggered when handling a specially crafted image. This may allow a context-dependent attacker to cause a denial of service. (CVE-2016-1811)\n\n- Multiple Apple products contain an overflow condition in the IOAcceleratorFamily component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a buffer overflow and potentially execute arbitrary code with kernel privileges. (CVE-2016-1817)\n\n- Multiple Apple products contain a flaw in the IOAcceleratorFamily component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1818)\n\n- Multiple Apple products contain a use-after-free condition in the IOAcceleratorFamily component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1819)\n\n- Multiple Apple products contain a NULL pointer dereference in IOAcceleratorFamily related to improper locking. This may allow a local attacker to cause a denial of service. (CVE-2016-1814)\n\n- Multiple Apple products contain a NULL pointer dereference in the IOAccelSharedUserClient2::page_off_resource() function that is triggered as user-supplied input is not properly sanitized. 
This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1813)\n\n- Multiple Apple products contain an out-of-bounds access flaw in the IOHIDFamily component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1823)\n\n- Multiple Apple products contain a flaw in the IOHIDFamily component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory to cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1824)\n\n- Multiple Apple products contain a flaw in the kernel. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1831)\n\n- Multiple Apple products contain a flaw in libc. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-1832)\n\n- Libxml2 contains an overflow condition in the xmlStrncatNew() function of xmlstring.c. The issue is triggered as user-supplied input is not properly validated when handling a string with a NULL. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-1834)\n\n- Libxml2 contains a use-after-free error in the xmlParseStartTag2() function of parser.c. The issue is triggered when parsing complex names. 
With a specially crafted file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1835)\n\n- Libxml2 contains a use-after-free error in the xmlParseNCNameComplex() function of parser.c. The issue is triggered when parsing complex names. With a specially crafted file, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1836)\n\n- Libxml2 contains an overflow condition in the htmlParseSystemLiteral() and htmlParsePubidLiteral() functions of HTMLparser.c. The issue is triggered as user-supplied input is not properly validated when parsing characters in a range. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-1837)\n\n- Libxml2 contains an overflow condition in the xmlFAParseCharRange() function of xmlregexp.c. The issue is triggered as user-supplied input is not properly validated when parsing characters in a range. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-1840)\n\n- Multiple Apple products contain a flaw in libxslt. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted website. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1841)\n\n- Multiple Apple products contain a flaw in MapKit that is triggered as shared links are transferred insecurely over HTTP. This may potentially allow a man-in-the-middle attacker to gain unauthorized access to sensitive information in these links. (CVE-2016-1842)\n\n- Multiple Apple products contain a flaw in the OpenGL component. 
The issue is triggered as user-supplied input is not properly validated when handling specially crafted web content. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-1847)\n\n- Apple Mac OS X contains a flaw in the AMD component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1792)\n\n- Apple Mac OS X contains a flaw in the AMD component. The issue is triggered as bounds are not properly checked. This may allow a local attacker to determine kernel memory layout. (CVE-2016-1791)\n\n- Apple Mac OS X contains a NULL pointer dereference flaw in the AppleGraphicsControl component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1793)\n\n- Apple Mac OS X contains a NULL pointer dereference flaw in the AppleGraphicsControlClient::checkArguments() function in AppleMuxControl.kext that is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1794)\n\n- Apple Mac OS X contains a flaw in the AppleGraphicsPowerManagement component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1795)\n\n- Apple Mac OS X contains an out-of-bounds read flaw in the ATS component. This may allow a local attacker to potentially disclose kernel memory layout. (CVE-2016-1796)\n\n- Apple Mac OS X contains a flaw in the ATS component that is triggered as the sandbox policy is not properly implemented for FontValidator. 
This may allow a local attacker to potentially execute arbitrary code with system privileges. (CVE-2016-1797)\n\n- Apple Mac OS X contains a NULL pointer dereference flaw in the Audio component that is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a denial of service. (CVE-2016-1798)\n\n- Apple Mac OS X contains a flaw in the Audio component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel privileges. (CVE-2016-1799)\n\n- Apple Mac OS X contains a flaw in the Captive Network Assistant component that is triggered as URL schemes are not properly validated. This may allow a user-assisted, man-in-the-middle attacker to potentially execute arbitrary code. (CVE-2016-1800)\n\n- Apple Mac OS X contains an unspecified configuration flaw in the CoreStorage component. This may allow a local attacker to potentially execute arbitrary code with kernel privileges. (CVE-2016-1805)\n\n- Apple Mac OS X contains a flaw in the Crash Reporter component (com.apple.SubmitDiagInfo) that is triggered when handling user-supplied paths when creating directories. This may allow a local attacker to execute arbitrary code with root privileges. (CVE-2016-1806)\n\n- Apple Mac OS X contains a flaw in the Disk Utility component that is triggered as the incorrect keys were used to encrypt disk images. This may result in disk images not being properly compressed and encrypted. (CVE-2016-1809)\n\n- Apple Mac OS X contains a NULL pointer dereference flaw in the ImageIO component that is triggered when handling a specially crafted image. This may allow a context-dependent attacker to cause a denial of service. (CVE-2016-1810)\n\n- Apple Mac OS X contains an overflow condition in the Intel Graphics Driver component. The issue is triggered as user-supplied input is not properly validated. 
This may allow a local attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code with kernel privileges. (CVE-2016-1812)\n\n- Apple Mac OS X contains a NULL pointer dereference in IOAcceleratorFamily that is triggered as user-supplied input is not properly sanitized. This may allow a local attacker to execute arbitrary code with kernel privileges. (CVE-2016-1816)\n\n- Apple Mac OS X contains an overflow condition in the IOAudioFamily component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code with kernel privileges. (CVE-2016-1820)\n\n- Apple Mac OS X contains a NULL pointer dereference in the IOAudioFamily component. This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1821)\n\n- Apple Mac OS X contains a flaw in the IOFireWireFamily component. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1822)\n\n- Apple Mac OS X contains multiple flaws in the IOHIDFamily component. These issues are triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1825)\n\n- Apple Mac OS X contains an integer overflow condition in its dtrace implementation. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to execute arbitrary code with kernel privileges. (CVE-2016-1826)\n\n- Apple Mac OS X contains a flaw in the Messages component that is triggered by a failure to properly validate roster changes. 
This may allow an authenticated remote attacker, or a malicious server, to manipulate another user's contact list. (CVE-2016-1844)\n\n- Apple Mac OS X contains a flaw in the Messages component that is triggered by an encoding issue in filename parsing. This may allow a remote attacker to gain unauthorized access to potentially sensitive user information. (CVE-2016-1843)\n\n- Apple Mac OS X contains a NULL pointer dereference flaw in the nvCommandQueue::GetHandleIndex() function in the NVIDIA Graphics Driver (GeForce.kext). This may allow a local attacker to cause a crash or potentially execute arbitrary code with kernel privileges. (CVE-2016-1846)\n\n- Apple Mac OS X contains a flaw in the QuickTime component. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-1848)\n\n- Apple Mac OS X contains a flaw in the SceneKit component. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-1850)\n\n- Apple Mac OS X contains a flaw in the management of password profiles. This may allow a physically present attacker to bypass the screen lock and reset an expired password. (CVE-2016-1851)\n\n- Apple Mac OS X contains a flaw in the Tcl component related to the usage of SSLv2. This may potentially allow an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) to disclose transmitted data. (CVE-2016-1853)\n\n- Apple Mac OS X contains an overflow condition in the NVIDIA Graphics Driver (GeForce.kext). This may allow a local attacker to cause a stack-based buffer overflow and potentially execute arbitrary code with kernel privileges. 
(CVE-2016-1861)\n\n- No description supplied (CVE-2016-1833, CVE-2016-1839, CVE-2016-1815, CVE-2016-1804)\n", "cvss3": {"score": null, "vector": null}, "published": "2016-08-23T00:00:00", "type": "nessus", "title": "macOS < 10.11.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1841", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1813", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1832", "CVE-2016-1842", "CVE-2016-1847", "CVE-2016-1801", "CVE-2016-1814", "CVE-2016-1831", "CVE-2016-1792", "CVE-2016-1791", "CVE-2016-1793", "CVE-2016-1794", "CVE-2016-1795", "CVE-2016-1796", "CVE-2016-1797", "CVE-2016-1798", "CVE-2016-1799", "CVE-2016-1800", "CVE-2016-1805", "CVE-2016-1806", "CVE-2016-1809", "CVE-2016-1810", "CVE-2016-1812", "CVE-2016-1815", "CVE-2016-1816", "CVE-2016-1820", "CVE-2016-1821", "CVE-2016-1822", "CVE-2016-1825", "CVE-2016-1826", "CVE-2016-1844", "CVE-2016-1843", "CVE-2016-1804", "CVE-2016-1846", "CVE-2016-1861", "CVE-2016-1848", "CVE-2016-1850", "CVE-2016-1851", "CVE-2016-1853"], "modified": "2016-08-23T00:00:00", "cpe": [], "id": "802004.PRM", "href": "https://www.tenable.com/plugins/lce/802004", "sourceData": "Binary data 802004.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T13:56:03", "description": "The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.5. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - AMD\n - apache_mod_php\n - AppleGraphicsControl\n - AppleGraphicsPowerManagement\n - Assistant\n - ATS\n - Audio\n - Captive\n - CFNetwork\n - CommonCrypto\n - CoreCapture\n - CoreStorage\n - Crash\n - Disk\n - Disk\n - Driver\n - Drivers\n - Drivers\n - Graphics\n - Graphics\n - Graphics\n - ImageIO\n - Images\n - Intel\n - IOAcceleratorFamily\n - IOAudioFamily\n - IOFireWireFamily\n - IOHIDFamily\n - Kernel\n - libc\n - libxml2\n - libxslt\n - Lock\n - MapKit\n - Messages\n - Multi-Touch\n - Network\n - NVIDIA\n - OpenGL\n - Proxies\n - QuickTime\n - Reporter\n - SceneKit\n - Screen\n - Tcl\n - Utility\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-19T00:00:00", "type": "nessus", "title": "Mac OS X 10.11.x < 10.11.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1792", "CVE-2016-1793", "CVE-2016-1794", "CVE-2016-1795", "CVE-2016-1796", "CVE-2016-1797", "CVE-2016-1798", "CVE-2016-1799", "CVE-2016-1801", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1804", "CVE-2016-1805", "CVE-2016-1806", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1809", "CVE-2016-1810", "CVE-2016-1811", "CVE-2016-1812", "CVE-2016-1813", "CVE-2016-1814", "CVE-2016-1815", "CVE-2016-1816", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1820", "CVE-2016-1821", "CVE-2016-1822", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1825", "CVE-2016-1826", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1831", "CVE-2016-1832", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1842", "CVE-2016-1843", "CVE-2016-1844", "CVE-2016-1846", "CVE-2016-1848", "CVE-2016-1850", "CVE-2016-1851", 
"CVE-2016-1853", "CVE-2016-1861", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-4070", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-4073", "CVE-2016-4650"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_11_5.NASL", "href": "https://www.tenable.com/plugins/nessus/91228", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91228);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-1792\",\n \"CVE-2016-1793\",\n \"CVE-2016-1794\",\n \"CVE-2016-1795\",\n \"CVE-2016-1796\",\n \"CVE-2016-1797\",\n \"CVE-2016-1798\",\n \"CVE-2016-1799\",\n \"CVE-2016-1801\",\n \"CVE-2016-1802\",\n \"CVE-2016-1803\",\n \"CVE-2016-1804\",\n \"CVE-2016-1805\",\n \"CVE-2016-1806\",\n \"CVE-2016-1807\",\n \"CVE-2016-1808\",\n \"CVE-2016-1809\",\n \"CVE-2016-1810\",\n \"CVE-2016-1811\",\n \"CVE-2016-1812\",\n \"CVE-2016-1813\",\n \"CVE-2016-1814\",\n \"CVE-2016-1815\",\n \"CVE-2016-1816\",\n \"CVE-2016-1817\",\n \"CVE-2016-1818\",\n \"CVE-2016-1819\",\n \"CVE-2016-1820\",\n \"CVE-2016-1821\",\n \"CVE-2016-1822\",\n \"CVE-2016-1823\",\n \"CVE-2016-1824\",\n \"CVE-2016-1825\",\n \"CVE-2016-1826\",\n \"CVE-2016-1827\",\n \"CVE-2016-1828\",\n \"CVE-2016-1829\",\n \"CVE-2016-1830\",\n \"CVE-2016-1831\",\n \"CVE-2016-1832\",\n \"CVE-2016-1833\",\n \"CVE-2016-1834\",\n \"CVE-2016-1835\",\n \"CVE-2016-1836\",\n \"CVE-2016-1837\",\n \"CVE-2016-1838\",\n \"CVE-2016-1839\",\n \"CVE-2016-1840\",\n \"CVE-2016-1842\",\n \"CVE-2016-1843\",\n \"CVE-2016-1844\",\n \"CVE-2016-1846\",\n \"CVE-2016-1848\",\n \"CVE-2016-1850\",\n \"CVE-2016-1851\",\n \"CVE-2016-1853\",\n \"CVE-2016-1861\",\n \"CVE-2016-3141\",\n \"CVE-2016-3142\",\n \"CVE-2016-4070\",\n \"CVE-2016-4071\",\n \"CVE-2016-4072\",\n \"CVE-2016-4073\",\n \"CVE-2016-4650\"\n );\n script_bugtraq_id(\n 84271,\n 84306,\n 85800,\n 85801,\n 85991,\n 85993,\n 90692,\n 90694,\n 90696,\n 90697,\n 90698,\n 
90801,\n 91353,\n 92034\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-05-16-4\");\n\n script_name(english:\"Mac OS X 10.11.x < 10.11.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.11.x prior\nto 10.11.5. It is, therefore, affected by multiple vulnerabilities in\nthe following components :\n\n - AMD\n - apache_mod_php\n - AppleGraphicsControl\n - AppleGraphicsPowerManagement\n - Assistant\n - ATS\n - Audio\n - Captive\n - CFNetwork\n - CommonCrypto\n - CoreCapture\n - CoreStorage\n - Crash\n - Disk\n - Disk\n - Driver\n - Drivers\n - Drivers\n - Graphics\n - Graphics\n - Graphics\n - ImageIO\n - Images\n - Intel\n - IOAcceleratorFamily\n - IOAudioFamily\n - IOFireWireFamily\n - IOHIDFamily\n - Kernel\n - libc\n - libxml2\n - libxslt\n - Lock\n - MapKit\n - Messages\n - Multi-Touch\n - Network\n - NVIDIA\n - OpenGL\n - Proxies\n - QuickTime\n - Reporter\n - SceneKit\n - Screen\n - Tcl\n - Utility\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206567\");\n # http://lists.apple.com/archives/security-announce/2016/May/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46de3fda\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X version 10.11.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4650\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70)\n exit(1, \"Cannot determine the host's OS with sufficient confidence.\");\n}\nif (!os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\n\nif (\n version !~ \"^10\\.11([^0-9]|$)\"\n) audit(AUDIT_OS_NOT, \"Mac OS X 10.11 or later\", \"Mac OS X \"+version);\n\nfix = \"10.11.5\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n items = make_array(\"Installed version\", version,\n \"Fixed version\", fix\n );\n order = 
make_list(\"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n exit(0);\n\n }\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"Mac OS X\", version);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:08", "description": "The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.5 and is affected by multiple vulnerabilities in the following components :\n\n - AMD\n - apache_mod_php\n - AppleGraphicsControl\n - AppleGraphicsPowerManagement\n - ATS\n - Audio\n - Captive Network Assistant\n - CFNetwork Proxies\n - CommonCrypto\n - CoreCapture\n - CoreStorage\n - Crash Reporter\n - Disk Images\n - Disk Utility\n - Graphics Drivers\n - ImageIO\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOAudioFamily\n - IOFireWireFamily\n - IOHIDFamilyKernel\n - libc\n - libxml2\n - libxslt\n - MapKit\n - Messages\n - Multi-Touch\n - NVIDIA Graphics Drivers\n - OpenGL\n - QuickTime\n - SceneKit\n - Screen Lock\n - Tcl", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-13T00:00:00", "type": "nessus", "title": "Mac OS X 10.11.x < 10.11.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3141", "CVE-2016-3142", "CVE-2016-4070", "CVE-2016-4073", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-1836", "CVE-2015-8865", "CVE-2016-1841", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1813", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1832", "CVE-2016-1842", "CVE-2016-1847", "CVE-2016-1801", "CVE-2016-1814", 
"CVE-2016-1831", "CVE-2016-1792", "CVE-2016-1791", "CVE-2016-1793", "CVE-2016-1794", "CVE-2016-1795", "CVE-2016-1796", "CVE-2016-1797", "CVE-2016-1798", "CVE-2016-1799", "CVE-2016-1800", "CVE-2016-1805", "CVE-2016-1806", "CVE-2016-1809", "CVE-2016-1810", "CVE-2016-1812", "CVE-2016-1860", "CVE-2016-1862", "CVE-2016-1815", "CVE-2016-1816", "CVE-2016-1820", "CVE-2016-1821", "CVE-2016-1822", "CVE-2016-1825", "CVE-2016-1826", "CVE-2016-1844", "CVE-2016-1843", "CVE-2016-1804", "CVE-2016-1846", "CVE-2016-1861", "CVE-2016-1848", "CVE-2016-1850", "CVE-2016-1851", "CVE-2016-1853"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "9392.PRM", "href": "https://www.tenable.com/plugins/nnm/9392", "sourceData": "Binary data 9392.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-31T18:34:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libxml2 (openSUSE-SU-2016:1594-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1833"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851340", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851340", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later 
version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851340\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-17 05:19:58 +0200 (Fri, 17 Jun 2016)\");\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\",\n \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4483\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libxml2 (openSUSE-SU-2016:1594-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update brings libxml2 to version 2.9.4.\n\n These security issues were fixed:\n\n - CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in\n recovery mode, allowed context-dependent attackers to cause a denial of\n service (infinite recursion, stack consumption, and application crash)\n via a crafted XML document (bsc#972335).\n\n - CVE-2016-1833: libxml2 allowed remote 
attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1834, CVE-2016-1836,\n CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840\n (bsc#981108).\n\n - CVE-2016-1835: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document (bsc#981109).\n\n - CVE-2016-1837: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840\n (bsc#981111).\n\n - CVE-2016-1836: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840\n (bsc#981110).\n\n - CVE-2016-1839: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840\n (bsc#981114).\n\n - CVE-2016-1838: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840\n (bsc#981112).\n\n - CVE-2016-1840: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839\n (bsc#981115).\n\n - CVE-2016-4483: out-of-bounds read parsing an 
XML using recover mode\n (bnc#978395).\n\n - CVE-2016-1834: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1836,\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"libxml2 on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1594-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2\", rpm:\"libxml2-2~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo\", rpm:\"libxml2-2-debuginfo~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-debugsource\", rpm:\"libxml2-debugsource~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools\", rpm:\"libxml2-tools~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools-debuginfo\", rpm:\"libxml2-tools-debuginfo~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report 
+= res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2\", rpm:\"python-libxml2~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-debuginfo\", rpm:\"python-libxml2-debuginfo~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-debugsource\", rpm:\"python-libxml2-debugsource~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-32bit\", rpm:\"libxml2-2-32bit~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo-32bit\", rpm:\"libxml2-2-debuginfo-32bit~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel-32bit\", rpm:\"libxml2-devel-32bit~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.9.4~7.17.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:56:07", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-719)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-1833"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120708", "sourceData": "# Copyright (C) 2016 
Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120708\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:14 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-719)\");\n script_tag(name:\"insight\", value:\"A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840 )Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. 
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449 )\");\n script_tag(name:\"solution\", value:\"Run yum update libxml2 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-719.html\");\n script_cve_id(\"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-1835\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-1834\", \"CVE-2016-1840\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-3627\", \"CVE-2016-1833\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1762\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"debuginfo\", rpm:\"debuginfo~2.9.1~6.3.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"static\", rpm:\"static~2.9.1~6.3.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"devel\", rpm:\"devel~2.9.1~6.3.49.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the 'libxml2' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2016-06-24T00:00:00", "type": "openvas", "title": "RedHat Update for libxml2 RHSA-2016:1292-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-1833"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871634", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871634", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2016:1292-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871634\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-24 05:25:35 +0200 (Fri, 24 Jun 2016)\");\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\",\n \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\",\n \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libxml2 RHSA-2016:1292-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development\ntoolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary code\nwith the permissions of the user running the application. 
(CVE-2016-1834,\nCVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, could cause that application to crash.\n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,\nCVE-2016-4448, CVE-2016-4449)\");\n script_tag(name:\"affected\", value:\"libxml2 on Red Hat Enterprise Linux\n Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:1292-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-June/msg00022.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.el7_2.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.9.1~6.el7_2.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.el7_2.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", 
rpm:\"libxml2-python~2.9.1~6.el7_2.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~21.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.7.6~21.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~21.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~21.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:07", "description": "Check the version of libxml2", "cvss3": {}, "published": "2016-06-24T00:00:00", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2016:1292 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-1833"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882513", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2016:1292 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882513\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-24 05:26:46 +0200 (Fri, 24 Jun 2016)\");\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\",\n \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\",\n \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libxml2 CESA-2016:1292 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of libxml2\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox\nproviding the implementation of various XML standards.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. 
A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary code\nwith the permissions of the user running the application. (CVE-2016-1834,\nCVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, could cause that application to crash.\n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,\nCVE-2016-4448, CVE-2016-4449)\");\n script_tag(name:\"affected\", value:\"libxml2 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1292\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-June/021917.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~21.el6_8.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~21.el6_8.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~21.el6_8.1\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.7.6~21.el6_8.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:07", "description": "Check the version of libxml2", "cvss3": {}, "published": "2016-06-24T00:00:00", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2016:1292 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-1833"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2016:1292 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882515\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-24 05:27:06 +0200 (Fri, 24 Jun 2016)\");\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\",\n \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1840\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\",\n \"CVE-2016-4448\", \"CVE-2016-4449\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libxml2 CESA-2016:1292 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of libxml2\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox\nproviding the implementation of various XML standards.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary code\nwith the permissions of the user running the application. (CVE-2016-1834,\nCVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. 
A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, could cause that application to crash.\n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,\nCVE-2016-4448, CVE-2016-4449)\");\n script_tag(name:\"affected\", value:\"libxml2 on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1292\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-June/021929.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.el7_2.3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.el7_2.3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.el7_2.3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.9.1~6.el7_2.3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2020-01-31T18:35:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for libxml2 (SUSE-SU-2016:1538-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2015-8806", "CVE-2016-2073", "CVE-2016-1833"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851331", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851331\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-10 05:23:45 +0200 (Fri, 10 Jun 2016)\");\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\",\n \"CVE-2016-1835\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3705\", \"CVE-2016-4447\",\n \"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for libxml2 (SUSE-SU-2016:1538-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libxml2 fixes the following security issues:\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was\n fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].\n\n - CVE-2016-4483: Code was added to avoid an out of bound access when\n serializing malformed strings [bsc#978395].\n\n - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar\n [bsc#981040].\n\n - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].\n\n - CVE-2016-1833: Fixed a heap-based buffer overread 
in htmlCurrentChar\n [bsc#981108].\n\n - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs\n [bsc#981109].\n\n - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and\n htmlParseSystemLiteral [bsc#981111].\n\n - CVE-2016-1838: Fixed a heap-based buffer overread in\n xmlParserPrintFileContextInternal [bsc#981112].\n\n - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup\n [bsc#981115].\n\n - CVE-2016-4447: Fixed a heap-based buffer underread due to xmlParseName\n [bsc#981548].\n\n - CVE-2016-4448: Fixed some format string warnings with possible format\n string vulnerability [bsc#981549].\n\n - CVE-2016-4449: Fixed inappropriate fetch of entities content\n [bsc#981550].\n\n - CVE-2016-3705: Fixed missing increment of recursion counter.\");\n\n script_tag(name:\"affected\", value:\"libxml2 on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1538-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2\", rpm:\"libxml2-2~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-32bit\", rpm:\"libxml2-2-32bit~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo\", 
rpm:\"libxml2-2-debuginfo~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo-32bit\", rpm:\"libxml2-2-debuginfo-32bit~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-debugsource\", rpm:\"libxml2-debugsource~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools\", rpm:\"libxml2-tools~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools-debuginfo\", rpm:\"libxml2-tools-debuginfo~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2\", rpm:\"python-libxml2~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-debuginfo\", rpm:\"python-libxml2-debuginfo~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-debugsource\", rpm:\"python-libxml2-debugsource~2.9.1~24.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2\", rpm:\"libxml2-2~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo\", rpm:\"libxml2-2-debuginfo~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-debugsource\", rpm:\"libxml2-debugsource~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools\", rpm:\"libxml2-tools~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools-debuginfo\", rpm:\"libxml2-tools-debuginfo~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"python-libxml2\", rpm:\"python-libxml2~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-debuginfo\", rpm:\"python-libxml2-debuginfo~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-debugsource\", rpm:\"python-libxml2-debugsource~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-32bit\", rpm:\"libxml2-2-32bit~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo-32bit\", rpm:\"libxml2-2-debuginfo-32bit~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.9.1~24.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2017-be8574d593", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-9318", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-5131", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-4658", "CVE-2016-1833"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872590", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872590", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libxml2 FEDORA-2017-be8574d593\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# 
Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872590\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 06:41:10 +0200 (Thu, 20 Apr 2017)\");\n script_cve_id(\"CVE-2016-9318\", \"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2016-1762\",\n \"CVE-2016-1834\", \"CVE-2016-1840\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1836\", \"CVE-2016-4449\", \"CVE-2016-4448\", \"CVE-2016-1837\",\n \"CVE-2016-1835\", \"CVE-2016-4447\", \"CVE-2016-1833\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 FEDORA-2017-be8574d593\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 
on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-be8574d593\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAU7AKDLMTZM2WRM2TPNPFLYQCKYMG7G\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.4~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2017-a3a47973eb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-9318", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-5131", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-4658", "CVE-2016-1833"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872591", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872591", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libxml2 
FEDORA-2017-a3a47973eb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872591\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 06:41:51 +0200 (Thu, 20 Apr 2017)\");\n script_cve_id(\"CVE-2016-9318\", \"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2016-1762\",\n \"CVE-2016-1834\", \"CVE-2016-1840\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1836\", \"CVE-2016-4449\", \"CVE-2016-4448\", \"CVE-2016-1837\",\n \"CVE-2016-1835\", \"CVE-2016-4447\", \"CVE-2016-1833\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 FEDORA-2017-a3a47973eb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-a3a47973eb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6RYADVQ3O3C3UNPVVMTGCWLDPTVRGEJ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.4~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libxml2 (openSUSE-SU-2016:1595-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2015-8806", "CVE-2016-2073", "CVE-2016-1833"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851341", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851341", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text 
descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851341\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-17 05:20:19 +0200 (Fri, 17 Jun 2016)\");\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\",\n \"CVE-2016-1835\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3705\", \"CVE-2016-4447\",\n \"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libxml2 (openSUSE-SU-2016:1595-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package 
version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libxml2 fixes the following security issues:\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was\n fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].\n\n - CVE-2016-4483: Code was added to avoid an out of bound access when\n serializing malformed strings [bsc#978395].\n\n - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar\n [bsc#981040].\n\n - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].\n\n - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar\n [bsc#981108].\n\n - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs\n [bsc#981109].\n\n - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and\n htmlParseSystemLiteral [bsc#981111].\n\n - CVE-2016-1838: Fixed a heap-based buffer overread in\n xmlParserPrintFileContextInternal [bsc#981112].\n\n - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup\n [bsc#981115].\n\n - CVE-2016-4447: Fixed a heap-based buffer underread due to xmlParseName\n [bsc#981548].\n\n - CVE-2016-4448: Fixed some format string warnings with possible format\n string vulnerability [bsc#981549].\n\n - CVE-2016-4449: Fixed inappropriate fetch of entities content\n [bsc#981550].\n\n - CVE-2016-3705: Fixed missing increment of recursion counter.\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"libxml2 on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1595-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2\", rpm:\"libxml2-2~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo\", rpm:\"libxml2-2-debuginfo~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-debugsource\", rpm:\"libxml2-debugsource~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools\", rpm:\"libxml2-tools~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools-debuginfo\", rpm:\"libxml2-tools-debuginfo~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2\", rpm:\"python-libxml2~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-debuginfo\", rpm:\"python-libxml2-debuginfo~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-debugsource\", rpm:\"python-libxml2-debugsource~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-32bit\", rpm:\"libxml2-2-32bit~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo-32bit\", rpm:\"libxml2-2-debuginfo-32bit~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libxml2-devel-32bit\", rpm:\"libxml2-devel-32bit~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.9.1~19.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for libxml2 USN-2994-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2015-8806", "CVE-2016-2073", "CVE-2016-1833"], "modified": "2019-03-29T00:00:00", "id": "OPENVAS:1361412562310842783", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842783", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libxml2 USN-2994-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842783\");\n script_version(\"2019-03-29T08:13:51+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-29 08:13:51 +0000 (Fri, 29 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-07 05:25:23 +0200 (Tue, 07 Jun 2016)\");\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-2073\", \"CVE-2016-3627\", \"CVE-2016-3705\",\n\t\t\"CVE-2016-4447\", \"CVE-2016-1762\", \"CVE-2016-1834\", \"CVE-2016-1833\",\n\t\t\"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1835\", \"CVE-2016-1837\",\n\t\t\"CVE-2016-1836\", \"CVE-2016-1840\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libxml2 USN-2994-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that libxml2 incorrectly\n handled certain malformed documents. If a user or automated system were tricked\n into opening a specially crafted document, an attacker could possibly cause\n libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073,\n CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)\n\n It was discovered that libxml2 incorrectly handled certain malformed\n documents. 
If a user or automated system were tricked into opening a\n specially crafted document, an attacker could cause libxml2 to crash,\n resulting in a denial of service, or possibly execute arbitrary code.\n (CVE-2016-1762, CVE-2016-1834)\n\n Mateusz Jurczyk discovered that libxml2 incorrectly handled certain\n malformed documents. If a user or automated system were tricked into\n opening a specially crafted document, an attacker could cause libxml2 to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)\n\n Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain\n malformed documents. If a user or automated system were tricked into\n opening a specially crafted document, an attacker could cause libxml2 to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2016-1835, CVE-2016-1837)\n\n Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain\n malformed documents. If a user or automated system were tricked into\n opening a specially crafted document, an attacker could cause libxml2 to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and\n Ubuntu 16.04 LTS. (CVE-2016-1836)\n\n Kostya Serebryany discovered that libxml2 incorrectly handled certain\n malformed documents. If a user or automated system were tricked into\n opening a specially crafted document, an attacker could cause libxml2 to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2016-1840)\n\n It was discovered that libxml2 would load certain XML external entities. If\n a user or automated system were tricked into opening a specially crafted\n document, an attacker could possibly obtain access to arbitrary files or\n cause resource consumption. 
(CVE-2016-4449)\n\n Gustavo Grieco discovered that libxml2 incorrectly handled certain\n malformed documents. If a user or automated system were tricked into\n opening a specially crafted document, an attacker could possibly cause\n libxml2 to crash, resulting in a denial of service. (CVE-2016-4483)\");\n script_tag(name:\"affected\", value:\"libxml2 on Ubuntu 16.04 LTS,\n Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2994-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2994-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-3ubuntu4.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.1+dfsg1-3ubuntu4.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.7.8.dfsg-5.1ubuntu4.15\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.7.8.dfsg-5.1ubuntu4.15\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.3+dfsg1-1ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.3+dfsg1-1ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.2+zdfsg1-4ubuntu0.4\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.2+zdfsg1-4ubuntu0.4\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:54:51", "description": "Several vulnerabilities were discovered\nin libxml2, a library providing support to read, modify and write XML and HTML\nfiles. 
A remote attacker could provide a specially crafted XML or HTML file that,\nwhen processed by an application using libxml2, would cause a denial-of-service\nagainst the application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.", "cvss3": {}, "published": "2016-06-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3593-1 (libxml2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2015-8806", "CVE-2016-2073", "CVE-2016-1833"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703593", "href": "http://plugins.openvas.org/nasl.php?oid=703593", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3593.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3593-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703593);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\",\n \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\",\n \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3627\",\n \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n script_name(\"Debian Security Advisory DSA 3593-1 (libxml2 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-06-02 00:00:00 +0200 (Thu, 02 Jun 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3593.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libxml2 on Debian Linux\");\n script_tag(name: \"insight\", value: \"XML is a metalanguage to let you design\nyour own markup language. A regular markup language defines a way to describe\ninformation in a certain class of documents (eg HTML). 
XML lets you define your\nown customized markup languages for many classes of document. It\ncan do this because it's written in SGML, the international standard\nmetalanguage for markup languages.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 2.9.1+dfsg1-5+deb8u2.\n\nWe recommend that you upgrade your libxml2 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin libxml2, a library providing support to read, modify and write XML and HTML\nfiles. A remote attacker could provide a specially crafted XML or HTML file that,\nwhen processed by an application using libxml2, would cause a denial-of-service\nagainst the application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg:amd64\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg:i386\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libxml2-dev:amd64\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev:i386\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", 
ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:17", "description": "Several vulnerabilities were discovered\nin libxml2, a library providing support to read, modify and write XML and HTML\nfiles. 
A remote attacker could provide a specially crafted XML or HTML file that,\nwhen processed by an application using libxml2, would cause a denial-of-service\nagainst the application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.", "cvss3": {}, "published": "2016-06-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3593-1 (libxml2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2015-8806", "CVE-2016-2073", "CVE-2016-1833"], "modified": "2019-03-29T00:00:00", "id": "OPENVAS:1361412562310703593", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703593", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3593.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3593-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703593\");\n script_version(\"2019-03-29T08:13:51+0000\");\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\",\n \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\",\n \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3627\",\n \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2016-4449\", \"CVE-2016-4483\");\n script_name(\"Debian Security Advisory DSA 3593-1 (libxml2 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-03-29 08:13:51 +0000 (Fri, 29 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-02 00:00:00 +0200 (Thu, 02 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3593.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"libxml2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 2.9.1+dfsg1-5+deb8u2.\n\nWe recommend that you upgrade your libxml2 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities 
were discovered\nin libxml2, a library providing support to read, modify and write XML and HTML\nfiles. A remote attacker could provide a specially crafted XML or HTML file that,\nwhen processed by an application using libxml2, would cause a denial-of-service\nagainst the application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg:amd64\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg:i386\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxml2-dev:amd64\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev:i386\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-04-01T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-02 March-2016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1841", "CVE-2016-1840", "CVE-2016-1836", "CVE-2015-5312", "CVE-2016-1761", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-1847", "CVE-2016-1791", "CVE-2016-1765", "CVE-2015-5334", "CVE-2016-1835", "CVE-2015-7500", "CVE-2016-1800", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1837", "CVE-2016-1759", "CVE-2016-1838", "CVE-2016-1754", "CVE-2015-0973", "CVE-2014-9495", "CVE-2016-1839", "CVE-2015-8472", "CVE-2016-0778", "CVE-2016-1755", "CVE-2015-5333", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-1833", "CVE-2016-0777"], "modified": "2019-05-03T00:00:00", "id": "OPENVAS:1361412562310806695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-02 March-2016\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806695\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2016-1754\", \"CVE-2016-1755\", \"CVE-2016-1759\", \"CVE-2016-1761\",\n \"CVE-2016-1765\", \"CVE-2015-8472\", \"CVE-2015-1819\", \"CVE-2015-5312\",\n \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7942\", \"CVE-2015-8035\",\n \"CVE-2015-8242\", \"CVE-2016-1762\", \"CVE-2016-0777\", \"CVE-2016-0778\",\n \"CVE-2015-5333\", \"CVE-2015-5334\", \"CVE-2014-9495\", \"CVE-2015-0973\",\n \"CVE-2016-1791\", \"CVE-2016-1800\", \"CVE-2016-1833\", \"CVE-2016-1834\",\n \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\",\n \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-1841\", \"CVE-2016-1847\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-01 13:19:35 +0530 (Fri, 01 Apr 2016)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-02 March-2016\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. 
For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, trigger a dialing action via a\n tel: URL, bypass a code-signing protection mechanism.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.9.x before 10.9.5\n and 10.10.x before 10.10.5\");\n\n script_tag(name:\"solution\", value:\"Apply the appropriate security patch from\n the vendor. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206567\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.(9|10)\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.(9|10)\"){\n exit(0);\n}\n\nif((osVer == \"10.9.5\") || (osVer == \"10.10.5\"))\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n if(osVer == \"10.9.5\" && version_is_less(version:buildVer, test_version:\"13F1808\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n else if(osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F1808\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nelse if(version_in_range(version:osVer, test_version:\"10.9\", 
test_version2:\"10.9.4\")){\n fix = \"10.9.5 build 13F1808\";\n}\nelse if(version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"10.10.5 build 14F1808\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:03", "description": "Junos Space is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "openvas", "title": "Junos Space Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2015-8325", "CVE-2016-1836", "CVE-2017-2306", "CVE-2017-2310", "CVE-2015-5364", "CVE-2016-1762", "CVE-2017-2309", "CVE-2017-2311", "CVE-2016-1834", "CVE-2017-2307", "CVE-2016-3627", "CVE-2016-6515", "CVE-2016-1907", "CVE-2015-5366", "CVE-2016-1835", "CVE-2015-5307", "CVE-2016-4449", "CVE-2016-6662", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2017-2308", "CVE-2016-1839", "CVE-2016-5195", "CVE-2016-5387", "CVE-2017-2305", "CVE-2016-4447", "CVE-2016-5573", "CVE-2016-1833", "CVE-2015-8104"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310106510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106510", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_space_JSA10770.nasl 14175 2019-03-14 11:27:57Z cfischer $\n#\n# Junos Space Multiple Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any 
later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:juniper:junos_space\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106510\");\n script_version(\"$Revision: 14175 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 12:27:57 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-12 11:36:50 +0700 (Thu, 12 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-4448\", \"CVE-2015-5364\", \"CVE-2016-6515\", \"CVE-2015-8325\",\n\"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\",\n\"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-5573\", \"CVE-2016-4449\", \"CVE-2016-5387\", \"CVE-2015-5366\",\n\"CVE-2016-1907\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4447\", \"CVE-2015-5307\", \"CVE-2015-8104\",\n\"CVE-2016-6662\", \"CVE-2016-5195\", \"CVE-2017-2305\", \"CVE-2017-2306\", \"CVE-2017-2307\", \"CVE-2017-2308\",\n\"CVE-2017-2309\", \"CVE-2017-2310\", \"CVE-2017-2311\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Junos Space Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"JunOS Local 
Security Checks\");\n script_dependencies(\"gb_junos_space_version.nasl\");\n script_mandatory_keys(\"junos_space/installed\");\n\n script_tag(name:\"summary\", value:\"Junos Space is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"Junos Space is prone to multiple vulnerabilities in OpenSSH, MySQL, Apache\n HTTP Server, OpenJDK, LibXML, OpenSSL, Linux Kernel and Junos Space itself.\");\n\n script_tag(name:\"affected\", value:\"This issue can affect any product or platform running Junos Space before\n 16.1R1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 16.1R1 or later.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10770\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"junos.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (check_js_version(ver: version, fix: \"16.1R1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"16.1R1\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:44", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-22T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 November-2016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1809", "CVE-2016-1841", "CVE-2016-1831", "CVE-2016-1830", "CVE-2016-1820", "CVE-2016-1840", "CVE-2016-1824", "CVE-2016-1836", "CVE-2016-1851", "CVE-2016-1853", "CVE-2016-1808", "CVE-2016-1807", "CVE-2016-1843", "CVE-2016-1844", "CVE-2016-1815", "CVE-2016-1834", "CVE-2016-1847", "CVE-2016-1791", "CVE-2016-1822", "CVE-2016-1795", "CVE-2015-8865", "CVE-2016-1792", "CVE-2016-1794", "CVE-2016-1828", 
"CVE-2016-1793", "CVE-2016-1835", "CVE-2016-1842", "CVE-2016-1800", "CVE-2016-1802", "CVE-2016-1860", "CVE-2016-1826", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-4070", "CVE-2016-1823", "CVE-2016-1832", "CVE-2016-1819", "CVE-2016-1862", "CVE-2016-1796", "CVE-2016-1846", "CVE-2016-1839", "CVE-2016-1805", "CVE-2016-1814", "CVE-2016-1799", "CVE-2016-4073", "CVE-2016-1803", "CVE-2016-1816", "CVE-2016-1797", "CVE-2016-1806", "CVE-2016-1861", "CVE-2016-1825", "CVE-2016-3141", "CVE-2016-1817", "CVE-2016-1813", "CVE-2016-1810", "CVE-2016-4072", "CVE-2016-1801", "CVE-2016-1804", "CVE-2016-1850", "CVE-2016-1848", "CVE-2016-1798", "CVE-2016-1812", "CVE-2016-1827", "CVE-2016-1833", "CVE-2016-4071", "CVE-2016-3142", "CVE-2016-1818", "CVE-2016-1811", "CVE-2016-1829", "CVE-2016-1821"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810209", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 November-2016\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810209\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2016-1792\", \"CVE-2016-1791\", \"CVE-2016-1793\", \"CVE-2016-1794\",\n \"CVE-2016-1795\", \"CVE-2016-1796\", \"CVE-2016-1797\", \"CVE-2016-1798\",\n \"CVE-2016-1799\", \"CVE-2016-1800\", \"CVE-2016-1801\", \"CVE-2016-1802\",\n \"CVE-2016-1803\", \"CVE-2016-1805\", \"CVE-2016-1806\", \"CVE-2016-1807\",\n \"CVE-2016-1808\", \"CVE-2016-1809\", \"CVE-2016-1810\", \"CVE-2016-1811\",\n \"CVE-2016-1812\", \"CVE-2016-1860\", \"CVE-2016-1862\", \"CVE-2016-1814\",\n \"CVE-2016-1815\", \"CVE-2016-1817\", \"CVE-2016-1818\", \"CVE-2016-1819\",\n \"CVE-2016-1853\", \"CVE-2016-1851\", \"CVE-2016-1850\", \"CVE-2016-1848\",\n \"CVE-2016-1847\", \"CVE-2016-1861\", \"CVE-2016-1846\", \"CVE-2016-1804\",\n \"CVE-2016-1843\", \"CVE-2016-1844\", \"CVE-2016-1842\", \"CVE-2016-1841\",\n \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\",\n \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\",\n \"CVE-2016-1832\", \"CVE-2016-1826\", \"CVE-2016-1827\", \"CVE-2016-1828\",\n \"CVE-2016-1829\", \"CVE-2016-1830\", \"CVE-2016-1831\", \"CVE-2016-1825\",\n \"CVE-2016-1823\", \"CVE-2016-1824\", \"CVE-2016-1822\", \"CVE-2016-1821\",\n \"CVE-2016-1820\", \"CVE-2016-1816\", \"CVE-2016-1813\", \"CVE-2015-8865\",\n \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-4070\", \"CVE-2016-4071\",\n \"CVE-2016-4072\", \"CVE-2016-4073\");\n script_bugtraq_id(90696, 90694);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-22 11:05:47 +0530 (Tue, 22 Nov 2016)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 November-2016\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, bypass certain protection\n mechanism and have other impacts.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.11.x before\n 10.11.5\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.11.5 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206567\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.11\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName && osVer =~ \"^10\\.11\")\n{\n if(version_is_less(version:osVer, test_version:\"10.11.5\"))\n {\n report = 
report_fixed_ver(installed_version:osVer, fixed_version:\"10.11.5\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:08:03", "description": "This update brings libxml2 to version 2.9.4.\n\n These security issues were fixed:\n - CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in\n recovery mode, allowed context-dependent attackers to cause a denial of\n service (infinite recursion, stack consumption, and application crash)\n via a crafted XML document (bsc#972335).\n - CVE-2016-1833: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1834, CVE-2016-1836,\n CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840\n (bsc#981108).\n - CVE-2016-1835: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document (bsc#981109).\n - CVE-2016-1837: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840\n (bsc#981111).\n - CVE-2016-1836: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840\n (bsc#981110).\n - CVE-2016-1839: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840\n 
(bsc#981114).\n - CVE-2016-1838: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840\n (bsc#981112).\n - CVE-2016-1840: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,\n CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839\n (bsc#981115).\n - CVE-2016-4483: out-of-bounds read parsing an XML using recover mode\n (bnc#978395).\n - CVE-2016-1834: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document, a different vulnerability than CVE-2016-1833, CVE-2016-1836,\n CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840\n (bsc#981041).\n - CVE-2016-3705: The (1) xmlParserEntityCheck and (2)\n xmlParseAttValueComplex functions in parser.c in libxml2 did not\n properly keep track of the recursion depth, which allowed\n context-dependent attackers to cause a denial of service (stack\n consumption and application crash) via a crafted XML document containing\n a large number of nested entity references (bsc#975947).\n - CVE-2016-1762: libxml2 allowed remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via a crafted XML\n document (bsc#981040).\n\n This non-security issue was fixed:\n - bnc#983288: Fix attribute decoding during XML schema validation\n\n", "cvss3": {}, "published": "2016-06-16T13:08:21", "type": "suse", "title": "Security update for libxml2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-1837", 
"CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1833"], "modified": "2016-06-16T13:08:21", "id": "OPENSUSE-SU-2016:1594-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00025.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:47", "description": "This update for libxml2 fixes the following security issues:\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A heap buffer overread was\n fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].\n - CVE-2016-4483: Code was added to avoid an out of bound access when\n serializing malformed strings [bsc#978395].\n - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar\n [bsc#981040].\n - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].\n - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar\n [bsc#981108].\n - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs\n [bsc#981109].\n - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and\n htmlParseSystemLiteral [bsc#981111].\n - CVE-2016-1838: Fixed a heap-based buffer overread in\n xmlParserPrintFileContextInternal [bsc#981112].\n - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup\n [bsc#981115].\n - CVE-2016-4447: Fixed heap-based buffer under-reads due to xmlParseName\n [bsc#981548].\n - CVE-2016-4448: Fixed some format string warnings with possible format\n string vulnerability [bsc#981549].\n - CVE-2016-4449: Fixed inappropriate fetch of entities content\n [bsc#981550].\n - CVE-2016-3705: Fixed missing increment of recursion counter.\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2016-06-16T13:10:48", "type": "suse", "title": "Security update for libxml2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1762", "CVE-2016-1834", 
"CVE-2016-4483", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2015-8806", "CVE-2016-2073", "CVE-2016-1833"], "modified": "2016-06-16T13:10:48", "id": "OPENSUSE-SU-2016:1595-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00026.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:29", "description": "This update for libxml2 fixes the following security issues:\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was\n fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].\n - CVE-2016-4483: Code was added to avoid an out of bound access when\n serializing malformed strings [bsc#978395].\n - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar\n [bsc#981040].\n - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].\n - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar\n [bsc#981108].\n - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs\n [bsc#981109].\n - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and\n htmlParseSystemiteral [bsc#981111].\n - CVE-2016-1838: Fixed a heap-based buffer overread in\n xmlParserPrintFileContextInternal [bsc#981112].\n - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup\n [bsc#981115].\n - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName\n [bsc#981548].\n - CVE-2016-4448: Fixed some format string warnings with possible format\n string vulnerability [bsc#981549],\n - CVE-2016-4449: Fixed inappropriate fetch of entities content\n [bsc#981550].\n - CVE-2016-3705: Fixed missing increment of recursion counter.\n\n", "cvss3": {}, "published": "2016-06-09T18:07:56", "type": "suse", "title": "Security update for libxml2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-3705", 
"CVE-2016-1840", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2015-8806", "CVE-2016-2073", "CVE-2016-1833"], "modified": "2016-06-09T18:07:56", "id": "SUSE-SU-2016:1538-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:06", "description": "This update for libxml2 fixes the following security issues:\n\n - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was\n fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].\n - CVE-2016-4483: Code was added to avoid an out of bound access when\n serializing malformed strings [bsc#978395].\n - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar\n [bsc#981040].\n - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].\n - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar\n [bsc#981108].\n - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs\n [bsc#981109].\n - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and\n htmlParseSystemiteral [bsc#981111].\n - CVE-2016-1838: Fixed a heap-based buffer overread in\n xmlParserPrintFileContextInternal [bsc#981112].\n - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup\n [bsc#981115].\n - CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName\n [bsc#981548].\n - CVE-2016-4448: Fixed some format string warnings with possible format\n string vulnerability [bsc#981549],\n - CVE-2016-4449: Fixed inappropriate fetch of entities content\n [bsc#981550].\n - CVE-2016-3705: Fixed missing increment of recursion counter.\n\n", "cvss3": {}, "published": "2016-06-17T15:08:25", "type": "suse", "title": "Security update for libxml2 (important)", "bulletinFamily": 
"unix", "cvss2": {}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-4447", "CVE-2015-8806", "CVE-2016-2073", "CVE-2016-1833"], "modified": "2016-06-17T15:08:25", "id": "SUSE-SU-2016:1604-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00029.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T05:54:19", "description": "The SUSE Linux Enterprise Server 12 container image has been updated to\n include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 are now included in the base\n image. 
A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n util-linux:\n\n - CVE-2015-5218\n - CVE-2016-5011\n - CVE-2017-2616\n\n cracklib:\n\n - CVE-2016-6318\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - CVE-2015-2327\n - CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - 
CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n appamor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - openldap2\n - p11-kit\n - permissions\n - procps\n - rpm\n - sed\n - shadow\n - zypper\n\n", "cvss3": {}, "published": "2017-10-11T03:06:53", "type": "suse", "title": "Security update for SLES 12 Docker image (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-6262", "CVE-2017-7407", "CVE-2015-8388", "CVE-2016-8620", "CVE-2016-8623", "CVE-2017-9233", "CVE-2016-5420", "CVE-2016-9840", "CVE-2016-3705", "CVE-2016-1840", "CVE-2014-0191", "CVE-2016-8615", "CVE-2016-8616", "CVE-2015-5276", "CVE-2015-3210", "CVE-2015-2325", "CVE-2016-6261", "CVE-2016-8619", "CVE-2017-10685", "CVE-2016-6306", "CVE-2016-2183", "CVE-2016-2178", "CVE-2015-8391", "CVE-2016-6263", "CVE-2016-2108", "CVE-2016-9063", "CVE-2016-8618", "CVE-2016-1762", "CVE-2016-6302", "CVE-2016-5300", "CVE-2015-8395", "CVE-2016-7141", "CVE-2016-1834", "CVE-2017-11112", "CVE-2016-2177", "CVE-2014-7169", 
"CVE-2015-8382", "CVE-2016-3627", "CVE-2015-1283", "CVE-2014-6277", "CVE-2016-2105", "CVE-2016-9318", "CVE-2016-4483", "CVE-2016-2107", "CVE-2015-8386", "CVE-2014-6278", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-3075", "CVE-2016-8617", "CVE-2016-9842", "CVE-2016-7796", "CVE-2017-2616", "CVE-2016-0634", "CVE-2012-6702", "CVE-2015-3238", "CVE-2016-2180", "CVE-2016-1835", "CVE-2016-0787", "CVE-2016-1234", "CVE-2016-0718", "CVE-2016-6185", "CVE-2015-8392", "CVE-2016-4574", "CVE-2015-8389", "CVE-2016-2109", "CVE-2015-8380", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-9048", "CVE-2014-8964", "CVE-2015-2059", "CVE-2017-11113", "CVE-2016-1283", "CVE-2016-6313", "CVE-2016-1837", "CVE-2016-6318", "CVE-2015-3622", "CVE-2016-4448", "CVE-2016-1238", "CVE-2015-8393", "CVE-2016-1838", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-2381", "CVE-2016-7543", "CVE-2017-1000101", "CVE-2016-8622", "CVE-2015-8853", "CVE-2014-7187", "CVE-2015-8394", "CVE-2016-4008", "CVE-2014-9770", "CVE-2015-3217", "CVE-2014-6271", "CVE-2017-7526", "CVE-2016-3191", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2016-8624", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-9047", "CVE-2015-8948", "CVE-2014-7824", "CVE-2015-8842", "CVE-2016-9597", "CVE-2015-5218", "CVE-2016-6303", "CVE-2015-8383", "CVE-2017-1000100", "CVE-2015-8381", "CVE-2016-2182", "CVE-2016-5421", "CVE-2016-9586", "CVE-2015-5073", "CVE-2016-4447", "CVE-2016-5011", "CVE-2015-7511", "CVE-2015-8385", "CVE-2015-8806", "CVE-2016-9841", "CVE-2016-4579", "CVE-2015-0245", "CVE-2016-2037", "CVE-2016-2073", "CVE-2016-5419", "CVE-2015-2328", "CVE-2017-6507", "CVE-2016-4658", "CVE-2016-7167", "CVE-2017-10684", "CVE-2016-2179", "CVE-2016-2106", "CVE-2016-1833", "CVE-2015-8387", "CVE-2016-8621", "CVE-2015-8390", "CVE-2017-9050"], "modified": "2017-10-11T03:06:53", "id": "SUSE-SU-2017:2699-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T05:54:20", "description": "The SUSE Linux Enterprise Server 12 SP1 container image has been updated\n to include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 SP1 are now included in the\n base image. A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n expat:\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n - CVE-2016-7056\n - CVE-2016-8610\n - CVE-2017-3731\n\n cracklib:\n\n - CVE-2016-6318\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - CVE-2015-2327\n - 
CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n appamor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n util-linux:\n\n - CVE-2016-5011\n - CVE-2017-2616\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n update-alternatives:\n\n - CVE-2015-0860\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - lua51\n - lvm2\n - netcfg\n - p11-kit\n - permissions\n - procps\n - rpm\n - 
sed\n - sg3_utils\n - shadow\n - zypper\n\n", "cvss3": {}, "published": "2017-10-11T03:07:32", "type": "suse", "title": "Security update for SLES 12-SP1 Docker image (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-6262", "CVE-2016-7056", "CVE-2017-7407", "CVE-2015-8388", "CVE-2016-8620", "CVE-2016-8623", "CVE-2017-9233", "CVE-2016-5420", "CVE-2016-9840", "CVE-2016-3705", "CVE-2016-1840", "CVE-2014-0191", "CVE-2016-8615", "CVE-2016-8616", "CVE-2015-5276", "CVE-2015-3210", "CVE-2015-2325", "CVE-2016-6261", "CVE-2016-8619", "CVE-2017-10685", "CVE-2016-6306", "CVE-2016-2183", "CVE-2015-0860", "CVE-2016-2178", "CVE-2015-8391", "CVE-2016-6263", "CVE-2016-2108", "CVE-2016-9063", "CVE-2016-8618", "CVE-2016-1762", "CVE-2016-6302", "CVE-2016-5300", "CVE-2015-8395", "CVE-2016-7141", "CVE-2016-1834", "CVE-2017-11112", "CVE-2016-2177", "CVE-2014-7169", "CVE-2015-8382", "CVE-2016-3627", "CVE-2015-1283", "CVE-2014-6277", "CVE-2016-2105", "CVE-2016-9318", "CVE-2016-4483", "CVE-2016-2107", "CVE-2017-3731", "CVE-2015-8386", "CVE-2014-6278", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-3075", "CVE-2016-8617", "CVE-2016-9842", "CVE-2016-7796", "CVE-2017-2616", "CVE-2016-0634", "CVE-2012-6702", "CVE-2015-3238", "CVE-2016-2180", "CVE-2016-1835", "CVE-2016-0787", "CVE-2016-8610", "CVE-2016-1234", "CVE-2016-0718", "CVE-2016-6185", "CVE-2015-8392", "CVE-2016-4574", "CVE-2015-8389", "CVE-2016-2109", "CVE-2015-8380", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-9048", "CVE-2014-8964", "CVE-2015-2059", "CVE-2017-11113", "CVE-2016-1283", "CVE-2016-6313", "CVE-2016-1837", "CVE-2016-6318", "CVE-2015-3622", "CVE-2016-4448", "CVE-2016-1238", "CVE-2015-8393", "CVE-2016-1838", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-2381", "CVE-2016-7543", "CVE-2017-1000101", "CVE-2016-8622", "CVE-2015-8853", "CVE-2014-7187", "CVE-2015-8394", "CVE-2016-4008", "CVE-2014-9770", "CVE-2015-3217", "CVE-2014-6271", "CVE-2017-7526", "CVE-2016-3191", "CVE-2017-1000366", 
"CVE-2016-1839", "CVE-2016-8624", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-9047", "CVE-2015-8948", "CVE-2014-7824", "CVE-2015-8842", "CVE-2016-9597", "CVE-2016-6303", "CVE-2015-8383", "CVE-2017-1000100", "CVE-2015-8381", "CVE-2016-2182", "CVE-2016-5421", "CVE-2016-9586", "CVE-2015-5073", "CVE-2016-4447", "CVE-2016-5011", "CVE-2015-7511", "CVE-2015-8385", "CVE-2015-8806", "CVE-2016-9841", "CVE-2016-4579", "CVE-2015-0245", "CVE-2016-2037", "CVE-2016-2073", "CVE-2016-5419", "CVE-2015-2328", "CVE-2017-6507", "CVE-2016-4658", "CVE-2016-7167", "CVE-2017-10684", "CVE-2016-2179", "CVE-2016-2106", "CVE-2016-1833", "CVE-2015-8387", "CVE-2016-8621", "CVE-2015-8390", "CVE-2017-9050"], "modified": "2017-10-11T03:07:32", "id": "SUSE-SU-2017:2700-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "description": "- CVE-2016-1762 (denial of service)\n\nA vulnerability has been discovered that allows remote attackers to\ncause a denial of service (memory corruption) via a crafted XML document.\n\n- CVE-2016-1833 (denial of service)\n\nA maliciously crafted file could cause the application to crash due to\na heap-based out-of-bounds memory read.\n\n- CVE-2016-1834 (arbitrary code execution)\n\nIt has been discovered that a heap-buffer-overflow could happen in\nxmlStrncat.\n\n- CVE-2016-1835 (arbitrary code execution)\n\nIt has been discovered that a maliciously crafted file could cause the\napplication to crash due to a heap use-after-free in xmlSAX2AttributeNs.\n\n- CVE-2016-1836 (arbitrary code execution)\n\nIt has been discovered that a heap-use-after free can happen in the\nxmlDictComputeFastKey.\n\n- CVE-2016-1837 (arbitrary code execution)\n\nIt has been discovered that a maliciously crafted file could cause the\napplication to crash due to a Heap use-after-free in\nhtmlParsePubidLiteral 
and htmlParseSystemiteral.\n\n- CVE-2016-1838 (denial of service)\n\nIt has been discovered that a heap-based buffer overread could happen\nin xmlParserPrintFileContextInternal\n\n- CVE-2016-1839 (denial of service)\n\nIt has been discovered that a heap-based buffer overread could happen\nin xmlDictAddString.\n\n- CVE-2016-1840 (arbitrary code execution)\n\nIt has been discovered that a heap-buffer overflow could happen in\nxmlFAParsePosCharGroup\n\n- CVE-2016-3627 (denial of service)\n\nA vulnerability was found in a way libxml2 parses certain files. With\nthe libxml2 in recovery mode, a maliciously crafted filed could cause\nlibxml2 to crash.\n\n- CVE-2016-3705 (arbitrary code execution)\n\nIt is possible to trigger a stack overflow using a carefully crafted\ninvalid XML file, the stack overflow occurs before libxml2 determines\nthe XML file is invalid.\n\n- CVE-2016-4483 (denial of service)\n\nIt has been discovered that parsing a maliciously crafted XML file\ncould cause the application to crash if recover mode is used.", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-26T00:00:00", "type": "archlinux", "title": "libxml2: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-3627", "CVE-2016-4483", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1833"], "modified": "2016-05-26T00:00:00", "id": "ASA-201605-27", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nDaniel Veillard reports:\n\nMore format string warnings with possible format string\n\t vulnerability (David Kilzer)\nAvoid building recursive entities (Daniel Veillard)\nHeap-based buffer overread in htmlCurrentChar (Pranjal Jumde)\nHeap-based buffer-underreads due to xmlParseName (David Kilzer)\nHeap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde)\nHeap use-after-free in htmlParsePubidLiteral and\n\t htmlParseSystemiteral (Pranjal Jumde)\nFix some format string warnings with possible format string\n\t vulnerability (David Kilzer)\nDetect change of encoding when parsing HTML names (Hugh Davenport)\nFix inappropriate fetch of entities content (Daniel Veillard)\nBug 759398: Heap use-after-free in xmlDictComputeFastKey\n\t (Pranjal Jumde)\nBug 758605: Heap-based buffer overread in xmlDictAddString\n\t (Pranjal Jumde)\nBug 758588: Heap-based buffer overread in\n\t xmlParserPrintFileContextInternal (David Kilzer)\nBug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup\n\t (Pranjal Jumde)\nAdd missing increments of recursion depth counter to XML parser.\n\t (Peter Simons)\nFix NULL pointer deref in XPointer range-to\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-23T00:00:00", "type": "freebsd", "title": "libxml2 -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2016-05-23T00:00:00", "id": "E195679D-045B-4953-BB33-BE0073BA2AC6", "href": "https://vuxml.freebsd.org/freebsd/e195679d-045b-4953-bb33-be0073ba2ac6.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:21:11", "description": "[2.9.1-6.0.1.3]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[libxml2-2.9.1-6.3]\n- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)\n- Bug 763071: Heap-buffer-overflow in xmlStrncat \n (CVE-2016-1834)\n- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup \n (CVE-2016-1840)\n- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal \n (CVE-2016-1838)\n- Bug 758605: Heap-based buffer overread in xmlDictAddString \n (CVE-2016-1839)\n- Bug 759398: Heap use-after-free in xmlDictComputeFastKey \n (CVE-2016-1836)\n- Fix 
inappropriate fetch of entities content (CVE-2016-4449)\n- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837)\n- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)\n- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)\n- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)\n- Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705)\n- Avoid building recursive entities (CVE-2016-3627)\n- Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)\n- More format string warnings with possible format string vulnerability (CVE-2016-4448)", "cvss3": {}, "published": "2016-06-23T00:00:00", "type": "oraclelinux", "title": "libxml2 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2016-06-23T00:00:00", "id": "ELSA-2016-1292", "href": "http://linux.oracle.com/errata/ELSA-2016-1292.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2021-12-30T21:43:04", "description": "## Summary\n\nSmartCloud Entry is vulnerable to libxml2 vulnerabilities. 
An attacker could exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, or cause a denial of service, segmentation faults or crashes \nCVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-4448 CVE-2016-4449 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 \n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-1762_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762>)** \nDESCRIPTION:** Apple Safari and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111628_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111628>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-1833_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113327_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113327>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1834_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113328_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113328>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1835_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113329_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113329>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1836_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113330_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113330>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1837_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113331_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113331>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1838_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113332_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113332>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4448_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113523_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113523>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4449_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when the XML parser processes XML data. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113524_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113524>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1839_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839>)** \nDESCRIPTION:** Apple Mac OS X and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113333_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113333>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1840_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840>)** \nDESCRIPTION:** Apple Mac OS X and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. 
By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113334_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113334>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3627_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing XML files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-3705_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4447_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113522_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113522>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 6 \nIBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 6 \nIBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 6 \nIBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 21 \nIBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 21\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM SmartCloud Entry| 2.2| None| IBM SmartCloud Entry 2.2.0 Appliance fix pack 7: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Starter+Kit+for+Cloud&fixids=2.2.0.4-IBM-SKC_APPL-FP007&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Starter+Kit+for+Cloud&fixids=2.2.0.4-IBM-SKC_APPL-FP007&source=SAR>) \nIBM SmartCloud Entry| 2.3| None| IBM SmartCloud Entry 2.3.0 Appliance fix pack 7: \n 
\n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.3.0.4-IBM-SCE_APPL-FP007&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.3.0.4-IBM-SCE_APPL-FP007&source=SAR>) \nIBM SmartCloud Entry| 2.4| None| IBM SmartCloud Entry 2.4.0 Appliance fix pack 7: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.4.0.4-IBM-SCE_APPL-FP007&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.4.0.4-IBM-SCE_APPL-FP007&source=SAR>) \nIBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance fix pack 22: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP22&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP22&source=SAR>) \nIBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance fix pack 22: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP22&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP22&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> 
\"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n8 September 2016: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SST55W\",\"label\":\"IBM Cloud Manager with OpenStack\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.3;2.4;3.1;3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-19T00:49:12", "type": "ibm", "title": "Security Bulletin: Libxml2 vulnerabilities affect IBM SmartCloud Entry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2020-07-19T00:49:12", "id": "6253D6195173C24D2F250E5EBA9E1FFC8DBDFC9645E89016FCD04E6F2D9EBEB3", "href": "https://www.ibm.com/support/pages/node/629559", "cvss": {"score": 
10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-24T00:35:33", "description": "## Summary\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple vulnerabilities have been discovered in libxml2 used with IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1762_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762>)** \nDESCRIPTION:** Apple Safari and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111628_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111628>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-1833_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113327_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113327>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1834_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113328_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113328>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1835_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113329_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113329>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1836_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113330_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113330>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1837_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113331_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113331>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1838_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113332_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113332>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4448_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113523_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113523>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4449_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when the XML parser processes XML data. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113524_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113524>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1839_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839>)** \nDESCRIPTION:** Apple Mac OS X and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113333_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113333>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1840_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840>)** \nDESCRIPTION:** Apple Mac OS X and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. 
By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113334_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113334>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3627_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing XML files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-3705_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4447_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113522_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113522>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.3.1 \nIBM Security Network Protection 5.3.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.10 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.2| Install Firmware 5.3.2.4 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n22 August 2016: Original Version Published\n\n*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.3.1;5.3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-06-16T21:44:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Security Network Protection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T21:44:27", "id": "4E0F3F37822FD6C37F3F06A94F967EABE3AAC2F9D4382E4932DAA8EA6754AFF7", "href": "https://www.ibm.com/support/pages/node/284687", "cvss": {"score": 
10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:41:06", "description": "## Summary\n\nThere are vulnerabilities in libxml2, which is used by IBM Security Identity Governance.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1762_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762>)** \nDESCRIPTION:** Apple Safari and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111628_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111628>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-1833_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833>)** \nDESCRIPTION:** Apple Mac OS X and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113327_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113327>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1834_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834>)** \nDESCRIPTION:** Apple Mac OS X and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. 
By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113328_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113328>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1835_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113329_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113329>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1836_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113330_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113330>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1837_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113331_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113331>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1838_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113332_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113332>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4448_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted HTML file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113523_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113523>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4449_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when the XML parser processes XML data. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113524_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113524>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1839_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839>)** \nDESCRIPTION:** Apple Mac OS X and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. 
By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113333_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113333>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1840_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113334_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113334>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3627_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-3705_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4447_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113522_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113522>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Identity Governance and Intelligence 5.2.1 Virtual Appliance\n\n \n\n\n## Remediation/Fixes\n\nProduct Name\n\n| VRMF | APAR| Remediation/Fix \n---|---|---|--- \nIBM Security Identity Governance and Intelligence| 5.2.1| None| [5.2.1.3-ISS-SIGI-IF0004 ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.1.0&platform=Linux&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSGHJR\",\"label\":\"IBM Security Identity Governance and Intelligence\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"5.2.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-06-16T21:46:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Security Identity Governance", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, 
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T21:46:32", "id": "200EB5D05FDD22F6EA7DB38F81D5DFDB97686B3E63B80F435FD2CC4BE274FC98", "href": "https://www.ibm.com/support/pages/node/552183", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-22T07:37:47", "description": "## Summary\n\nThere are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0351_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0351>)** \nDESCRIPTION:** IBM Security Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-0367_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0367>)** \nDESCRIPTION:** IBM Security Identity Manager Virtual Appliance displays sensitive information in an error message that an authenticated user could use to perform further attacks against the system. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112072_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112072>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-0353_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0353>)** \nDESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111892_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111892>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-1762_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762>)** \nDESCRIPTION:** Apple Safari and Apple iOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111628_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111628>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-1833_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113327_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113327>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1834_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113328_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113328>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1835_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113329_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113329>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1836_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113330_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113330>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1837_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113331_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113331>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1838_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113332_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113332>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4448_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a format string error. By using a specially crafted html file containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113523_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113523>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4449_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113524_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113524>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1839_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. 
By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113333_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113333>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1840_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840>)** \nDESCRIPTION:** Apple Mac OS X and Apple IOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libxml2. By persuading a victim to open a specially crafted XML file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113334_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113334>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3705_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4447_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113522_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113522>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-3627_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n**CVEID:** [_CVE-2015-5194_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an uninitialized variable when processing malicious commands. 
By sending a specially crafted logconfig configuration command, a remote authenticated attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107595_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107595>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2015-5195_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by the referencing of a statistics type that was not enabled during compilation by the statistics or filegen configuration command. By sending a specially crafted config command with statistics type, a remote authenticated attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107596_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107596>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-5219_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107597_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107597>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7691_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107449_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107449>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7692_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107450_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107450>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7701_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107444_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107444>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-7702_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107451_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107451>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7852_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852>)** \nDESCRIPTION:** Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by the cookedprint functionality. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107439_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107439>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-7703_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703>)** \nDESCRIPTION:** Network Time Protocol (NTP) could allow a remote attacker to traverse directories on the system, caused by the failure to enforce local access only of the \"pidfile\" and \"driftfile\" configuration directives. An attacker could exploit this vulnerability to view arbitrary files on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107445_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107445>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2015-7977_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110022_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110022>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7978_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service. By sending a specially crafted reslist command, an attacker could exploit this vulnerability to consume all available stack memory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110023_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110023>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2015-7979_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the demobilization of a preemptable client association. By sending specially crafted crypto NAK packets, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-1548_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548>)** \nDESCRIPTION:** NTP could allow a remote attacker to bypass security restrictions, caused by an error in the ntpd client. 
By changing the client from basic client/server mode to interleaved symmetric mode, an attacker could exploit this vulnerability to modify the time of the client or cause a denial of service. \nCVSS Base Score: 7.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112740_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112740>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-1550_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550>)** \nDESCRIPTION:** NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112742_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112742>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2518_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error when using a specially crafted packet to create a peer association with hmode > 7\\. An attacker could exploit this vulnerability to cause the MATCH_ASSOC() function to trigger an out-of-bounds read. 
\nCVSS Base Score: 2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n \n\n\n## Affected Products and Versions\n\nIBM Security Identity Manager Virtual Appliance versions 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.1.0, 7.0.1.1, 7.0.1.3\n\n## Remediation/Fixes\n\nEnsure that the version listed below is installed on the system. \n\nProduct Version| Fix level \n---|--- \nIBM Security Identity Manager (ISIM) Virtual Appliance releases 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.1.0, 7.0.1.1, 7.0.1.3 \n \nNote: Interim Fix 1 (7.0.1.3-ISS-SIM-IF0001) requires ISIM fix pack 7.0.1.3 (7.0.1-ISS-SIM-FP0003) to be installed first. The 7.0.1.3 fix pack is available on Fix Central. \n \nUpgrading from firmware version 7.0.0.0 to 7.0.1.3 requires intermediate upgrade to 7.0.0.2 or 7.0.1.0. 
Upgrading from 7.0.0.2 or later requires no intermediate upgrade.| Apply \nIBM Security Identity Manager (ISIM)[ 7.0.1.3-ISS-SIM-IF0002](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1.3-ISS-SIM-IF0002&source=SAR>) \n \n \n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nCVE-2016-0351, CVE-2016-0367, CVE-2016-0353: IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza\n\n## Change History\n\n2016-08-19: Original Copy Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSRMWJ\",\"label\":\"IBM Security Identity Manager\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Identity Manager Virtual Appliance\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}] \n\n## Product Synonym\n\nISIM", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T21:45:37", "type": "ibm", "title": "Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5194", "CVE-2015-5195", "CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7703", "CVE-2015-7852", "CVE-2015-7977", "CVE-2015-7978", "CVE-2015-7979", "CVE-2016-0351", "CVE-2016-0353", "CVE-2016-0367", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2518", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-16T21:45:37", "id": "C9A098A495C84449FE37F5185D9511BAF41B34B7A322B48105FF2EE7EC21E28E", "href": "https://www.ibm.com/support/pages/node/549933", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2021-07-25T19:28:13", "description": "**Issue Overview:**\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. 
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)\n\n \n**Affected Packages:** \n\n\nlibxml2\n\n \n**Issue Correction:** \nRun _yum update libxml2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 libxml2-debuginfo-2.9.1-6.3.49.amzn1.i686 \n \u00a0\u00a0\u00a0 libxml2-python27-2.9.1-6.3.49.amzn1.i686 \n \u00a0\u00a0\u00a0 libxml2-2.9.1-6.3.49.amzn1.i686 \n \u00a0\u00a0\u00a0 libxml2-static-2.9.1-6.3.49.amzn1.i686 \n \u00a0\u00a0\u00a0 libxml2-python26-2.9.1-6.3.49.amzn1.i686 \n \u00a0\u00a0\u00a0 libxml2-devel-2.9.1-6.3.49.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 libxml2-2.9.1-6.3.49.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 libxml2-static-2.9.1-6.3.49.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libxml2-2.9.1-6.3.49.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libxml2-debuginfo-2.9.1-6.3.49.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libxml2-python26-2.9.1-6.3.49.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libxml2-python27-2.9.1-6.3.49.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libxml2-devel-2.9.1-6.3.49.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-07-14T16:30:00", "type": "amazon", "title": "Important: libxml2", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2016-07-14T16:30:00", "id": "ALAS-2016-719", "href": "https://alas.aws.amazon.com/ALAS-2016-719.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T18:37:53", "description": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. 
\n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-06-23T08:21:08", "type": "redhat", "title": "(RHSA-2016:1292) Important: libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2018-06-06T16:24:26", "id": "RHSA-2016:1292", "href": "https://access.redhat.com/errata/RHSA-2016:1292", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:45", "description": "This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6.\n\nSecurity Fix(es):\n\n* This update fixes several flaws in OpenSSL. 
(CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). 
Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.\n\nSee the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-15T22:02:12", "type": "redhat", "title": "(RHSA-2016:2957) Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0876", "CVE-2012-1148", "CVE-2014-3523", 
"CVE-2014-8176", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-3185", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3216", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2842", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4459", "CVE-2016-4483", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-6808", "CVE-2016-7141", "CVE-2016-8612"], "modified": "2017-07-24T20:12:36", "id": "RHSA-2016:2957", "href": "https://access.redhat.com/errata/RHSA-2016:2957", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:52:18", "description": "**CentOS Errata and Security Advisory** CESA-2016:1292\n\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)\n\nMultiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. 
\n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-June/058836.html\nhttps://lists.centos.org/pipermail/centos-announce/2016-June/058848.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\nlibxml2-static\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:1292", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-06-23T15:28:21", "type": "centos", "title": "libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449"], "modified": "2016-06-23T23:41:40", "id": "CESA-2016:1292", "href": "https://lists.centos.org/pipermail/centos-announce/2016-June/058836.html", "cvss": {"score": 10.0, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-04-19T09:32:17", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4658", "CVE-2016-5131", 
"CVE-2016-9318"], "modified": "2017-04-19T09:32:17", "id": "FEDORA:09EA7605EEEE", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-04-19T07:53:28", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", 
"CVE-2016-1839", "CVE-2016-1840", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4658", "CVE-2016-5131", "CVE-2016-9318"], "modified": "2017-04-19T07:53:28", "id": "FEDORA:D1EB860677B7", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-23T22:06:54", "description": "Package : libxml2\nVersion : 2.8.0+dfsg1-7+wheezy6\nCVE ID : CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834\n CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839\n CVE-2016-1840 CVE-2016-2073 CVE-2016-3627 CVE-2016-3705\n CVE-2016-4447 CVE-2016-4449 CVE-2016-4483\nDebian Bug : 812807 813613 819006 823405 823414\n\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy6.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-03T19:22:01", "type": "debian", "title": "[SECURITY] [DLA 503-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": 
{"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2016-06-03T19:22:01", "id": "DEBIAN:DLA-503-1:6F8B6", "href": "https://lists.debian.org/debian-lts-announce/2016/06/msg00004.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-30T16:46:22", "description": "Package : libxml2\nVersion : 2.8.0+dfsg1-7+wheezy6\nCVE ID : CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834\n CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839\n CVE-2016-1840 CVE-2016-2073 CVE-2016-3627 CVE-2016-3705\n CVE-2016-4447 CVE-2016-4449 CVE-2016-4483\nDebian Bug : 812807 813613 819006 823405 823414\n\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. 
A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy6.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-03T19:22:01", "type": "debian", "title": "[SECURITY] [DLA 503-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2016-06-03T19:22:01", "id": 
"DEBIAN:DLA-503-1:11947", "href": "https://lists.debian.org/debian-lts-announce/2016/06/msg00004.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-30T13:08:24", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3593-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 02, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nCVE ID : CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834\n CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838\n CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3627\n CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483\nDebian Bug : 812807 813613 819006 823405 823414\n\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u2.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-02T20:28:31", "type": "debian", "title": "[SECURITY] [DSA 3593-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2016-06-02T20:28:31", "id": "DEBIAN:DSA-3593-1:F14D3", "href": "https://lists.debian.org/debian-security-announce/2016/msg00170.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T22:14:21", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3593-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 02, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nCVE ID : CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834\n CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838\n CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3627\n CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483\nDebian Bug : 812807 813613 819006 823405 823414\n\nSeveral vulnerabilities were discovered in libxml2, a 
library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u2.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-02T20:28:31", "type": "debian", "title": "[SECURITY] [DSA 3593-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", 
"CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2016-06-02T20:28:31", "id": "DEBIAN:DSA-3593-1:95A95", "href": "https://lists.debian.org/debian-security-announce/2016/msg00170.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2016-1834, CVE-2016-1840). Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2015-8806, CVE-2016-2073, CVE-2016-4483, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449). The libxml2 package has been updated to version 2.9.4, fixing these issues and other bugs. 
\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-26T21:59:16", "type": "mageia", "title": "Updated libxml2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2016-07-26T21:59:16", "id": "MGASA-2016-0263", "href": "https://advisories.mageia.org/MGASA-2016-0263.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2021-08-11T17:51:24", "description": "USN-2994-1 libxml2 vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nGNOME XML library, Canonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS \n\n# Description\n\nMultiple researchers discovered that libxml2 incorrectly handled certain malformed documents. 
If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. ([CVE-2015-8806](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8806.html>), [CVE-2016-2073](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2073.html>), [CVE-2016-3627](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3627.html>), [CVE-2016-3705](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3705.html>), [CVE-2016-4447](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4447.html>), [CVE-2016-1762](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1762.html>), [CVE-2016-1834](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1834.html>), [CVE-2016-1833](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1833.html>), [CVE-2016-1838](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1838.html>), [CVE-2016-1839](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1839.html>), [CVE-2016-1835](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1835.html>), [CVE-2016-1837](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1837.html>), [CVE-2016-1836](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1836.html>), [CVE-2016-1840](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1840.html>), [CVE-2016-4483](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4483.html>))\n\nIt was discovered that libxml2 would load certain XML external entities. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. 
([CVE-2016-4449](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4449.html>))\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to v.1.66.0 \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.66.0 or later versions \n\n# Credit\n\nGustavo Grieco, Mateusz Jurczyk, Wei Lei, Liu Yang\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2994-1/>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-13T00:00:00", "type": "cloudfoundry", "title": "USN-2994-1 libxml2 vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8806", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2016-06-13T00:00:00", "id": 
"CFOUNDRY:DCC31D4961650B41BAF732BB0B28B011", "href": "https://www.cloudfoundry.org/blog/usn-2994-1/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2022-01-12T03:30:21", "description": "### SUMMARY \n\nBlue Coat products that include a vulnerable version of the libxml2 library are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code and cause denial of service through memory corruption. \n \n\n\n### AFFECTED PRODUCTS \n\nThe following products are vulnerable:\n\n**Advanced Secure Gateway (ASG)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-4483 | 6.7, 7.2, 7.3 | Not available at this time \n6.6, 7.1 | Upgrade to later release with fixes. \nAll CVEs except CVE-2016-4483 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1. \n6.6 | Upgrade to 6.6.5.2. \n \n \n\n**AuthConnector** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 2.5 | Fixed in 2.5.5500 \n \n \n\n**Content Analysis System (CAS)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-4483 | 2.3 and later | Not vulnerable, fixed in 2.3.1.1 \n2.1, 2.2 | Upgrade to later release with fixes. \n1.3 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \nAll CVEs except CVE-2016-4483 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1. \n1.3 (not vulnerable to known vectors of attack) | Upgrade to 1.3.7.3. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 6.1 | Upgrade to a version of MC with the fixes. \n \n \n\n**Malware Analysis Appliance (MAA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-4448 | 4.2 | Upgrade to 4.2.12. \nCVE-2016-4449 | 4.2 | Upgrade to 4.2.11. \nAll CVEs except CVE-2016-4448 and CVE-2016-4449 | 4.2 (not vulnerable to known vectors of attack) | Upgrade to 4.2.11. 
\n \n \n\n**Norman Shark Industrial Control System Protection (ICSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 5.4 | Not vulnerable, fixed in 5.4.1 \n5.3 | Upgrade to later release with fixes. \n \n \n\n**Norman Shark Network Protection (NNP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 5.3 | A fix will not be provided. \n \n \n\n**Norman Shark SCADA Protection (NSP)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 5.3 | A fix will not be provided. Customers who use NSP for USB cleaning can switch to a version of ICSP with fixes. \n \n \n\n**ProxySG** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 6.7 and later | Not vulnerable, fixed in 6.7.1.1 \n6.6 | Upgrade to 6.6.5.2. \n6.5 | Upgrade to 6.5.9.12. \n \n \n\n**Security Analytics (SA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-4483 | 8.1, 8.2 | Not available at this time \n7.3 starting with 7.3.2, 8.0 | Upgrade to later release with fixes. \n7.3.1 | Not vulnerable, fixed \n7.2 | Upgrade to 7.3.2. \n6.6, 7.0, 7.1 | Upgrade to later release with fixes. \nAll CVEs except CVE-2016-4483 | 7.3 and later | Not vulnerable, fixed in 7.3.1 \n7.2 | Upgrade to 7.2.2. \n6.6, 7.0, 7.1 | Upgrade to later release with fixes. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 9.7, 10.0, 11.0 | A fix will not be provided. \n \n \n\nThe following products contain vulnerable versions of the libxml2 library, but are not vulnerable to known vectors of attack:\n\n**Mail Threat Defense (MTD)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\n**Management Center (MC)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-4483 \n | 2.0 and later | Not vulnerable, fixed in 2.0.1.1 \n1.5 - 1.11 | Upgrade to later release with fixes. 
\nAll CVEs except CVE-2016-4483 | 1.8 and later | Not vulnerable, fixed in 1.8.1.1 \n1.7 | Upgrade to 1.7.2.1. \n1.6 | Upgrade to later release with fixes. \n1.5 | Upgrade to later release with fixes. \n \n \n\n**PacketShaper (PS) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-4483 | 11.2 and later | Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. \nAll CVEs except CVE-2016-4483 | 11.7 and later | Upgrade to 11.7.1.1. \n11.6 | Upgrade to 11.6.1.3. \n11.2 - 11.5 | Upgrade to later release with fixes. \n \n \n\n**PolicyCenter (PC) S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-4483 | 1.1 | Allot NetXplorer is a replacement product for PolicyShaper S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \nAll CVEs except CVE-2016-4483 | 1.1 | Upgrade to 1.1.3.1. \n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-4483 | 10.5 and later | Not vulnerable, fixed in 10.5.1.1 \n10.1, 10.2, 10.3, 10.4 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes. \nAll CVEs except CVE-2016-4483 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1. \n10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.5.1. \nAll CVEs | 9.5 | Not vulnerable \n9.4 | Not vulnerable \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-4483 | 4.5 | Not available at this time \n4.3, 4.4 | Not vulnerable, fixed in 4.3.1.1. \n4.0, 4.1, 4.2, 5.0 | Upgrade to later release with fixes. \nAll CVEs except CVE-2016-4483 | 4.0 | Not vulnerable, fixed in 4.0.2.1. \nCVE-2016-4448 | 3.12 | Not vulnerable, fixed in 3.12.1.1. \n3.11 | Upgrade to 3.11.4.1. \n3.10 | Upgrade to 3.10.4.1. \n3.8.4FC, 3.9 | Upgrade to later release with fixes. 
\nAll CVEs except CVE-2016-4448 | 3.10 and later 3.x | Not vulnerable, fixed in 3.10.1.1. \n3.9 | Upgrade to 3.9.4.1. \n3.8.4FC | Upgrade to later release with fixes. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nSome Blue Coat products do not accept XML data from untrusted sources. The products listed below include vulnerable versions of the libxml2 library, but are not known to be vulnerable to the CVEs below. However, fixes for these CVEs will be included in the patches that are provided.\n\n * **ASG:** all CVEs\n * **CAS:** all CVEs\n * **MTD:** all CVEs\n * **MAA:** all CVEs except CVE-2016-4448 and CVE-2016-4449\n * **MC:** all CVEs\n * **PacketShaper S-Series:** all CVEs\n * **PolicyCenter S-Series:** all CVEs\n * **Reporter 10.x:** all CVEs\n * **SSLV:** all CVEs except CVE-2016-4448 and CVE-2016-4449\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nBCAAA \nBlue Coat HSM Agent for the Luna SP \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter \nIntelligenceCenter Data Collector \nK9 \nPacketShaper \nPolicyCenter \nProxyAV \nProxyAV ConLog and ConLogXP \nProxyClient \nUnified Agent \nWeb Isolation \nWSS Agent**\n\nBlue Coat no longer provides vulnerability information for the following products:\n\n**DLP**\n\nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. 
\n \n\n\n### ISSUES\n\n**CVE-2016-1762** \n--- \n**Severity / CVSSv2** | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 85059](<https://www.securityfocus.com/bid/85059>) / NVD: [CVE-2016-1762](<https://nvd.nist.gov/vuln/detail/CVE-2016-1762>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the XML parser allows a remote attacker to cause a heap-based buffer overread via crafted XML data, resulting in arbitrary code execution or denial of service through memory corruption. \n \n \n\n**CVE-2016-1833** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 90691](<https://www.securityfocus.com/bid/90691>) / NVD: [CVE-2016-1833](<https://nvd.nist.gov/vuln/detail/CVE-2016-1833>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the XML parser allows a remote attacker to cause a heap-based buffer overread via crafted XML data, resulting in arbitrary code execution or denial of service through memory corruption. \n \n \n\n**CVE-2016-1834** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 90691](<https://www.securityfocus.com/bid/90691>) / NVD: [CVE-2016-1834](<https://nvd.nist.gov/vuln/detail/CVE-2016-1834>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in string handling allows a remote attacker to cause a heap-based buffer overflow via crafted XML data, resulting in arbitrary code execution or denial of service through memory corruption. 
\n \n \n\n**CVE-2016-1835** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 90696](<https://www.securityfocus.com/bid/90696>) / NVD: [CVE-2016-1835](<https://nvd.nist.gov/vuln/detail/CVE-2016-1835>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the XML parser allows a remote attacker to cause a use-after-free via crafted XML data, resulting in arbitrary code execution or denial of service through memory corruption. \n \n \n\n**CVE-2016-1836** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 90691](<https://www.securityfocus.com/bid/90691>) / NVD: [CVE-2016-1836](<https://nvd.nist.gov/vuln/detail/CVE-2016-1836>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the XML parser allows a remote attacker to cause a use-after-free via crafted XML data, resulting in arbitrary code execution or denial of service through memory corruption. \n \n \n\n**CVE-2016-1837** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 90691](<https://www.securityfocus.com/bid/90691>) / NVD: [CVE-2016-1837](<https://nvd.nist.gov/vuln/detail/CVE-2016-1837>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the HTML parser allows a remote attacker to cause a use-after-free via crafted HTML data, resulting in arbitrary code execution or denial of service through memory corruption. 
\n \n \n\n**CVE-2016-1838** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 90691](<https://www.securityfocus.com/bid/90691>) / NVD: [CVE-2016-1838](<https://nvd.nist.gov/vuln/detail/CVE-2016-1838>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the XML parser allows a remote attacker to cause a heap-based buffer overread via crafted XML data, resulting in arbitrary code execution or denial of service through memory corruption. \n \n \n\n**CVE-2016-1839** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 90691](<https://www.securityfocus.com/bid/90691>) / NVD: [CVE-2016-1839](<https://nvd.nist.gov/vuln/detail/CVE-2016-1839>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the XML/HTML parser allows a remote attacker to cause a heap-based buffer overread via crafted XML/HTML data, resulting in arbitrary code execution or denial of service through memory corruption. \n \n \n\n**CVE-2016-1840** \n--- \n**Severity / CVSSv2** | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n**References** | SecurityFocus: [BID 90691](<https://www.securityfocus.com/bid/90691>) / NVD: [CVE-2016-1840](<https://nvd.nist.gov/vuln/detail/CVE-2016-1840>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw allows a remote attacker to cause a heap-based buffer overread via crafted XML data, resulting in arbitrary code execution or denial of service through memory corruption. 
\n \n \n\n**CVE-2016-3627** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 84992](<https://www.securityfocus.com/bid/84992>) / NVD: [CVE-2016-3627](<https://nvd.nist.gov/vuln/detail/CVE-2016-3627>) \n**Impact** | Denial of service \n**Description** | A flaw in the XML parser allows a remote attacker to cause infinite recursion or stack depletion via crafted XML data, resulting in application crashes and denial of service. \n \n \n\n**CVE-2016-3705** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 89854](<https://www.securityfocus.com/bid/89854>) / NVD: [CVE-2016-3705](<https://nvd.nist.gov/vuln/detail/CVE-2016-3705>) \n**Impact** | Denial of service \n**Description** | A flaw in the XML parser allows a remote attacker to cause stack depletion via crafted XML data, resulting in application crashes and denial of service. \n \n \n\n**CVE-2016-4447** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 90864](<https://www.securityfocus.com/bid/90864>) / NVD: [CVE-2016-4447](<https://nvd.nist.gov/vuln/detail/CVE-2016-4447>) \n**Impact** | Denial of service \n**Description** | A flaw in the XML parser allows a remote attacker to cause a heap-based buffer underread via crafted XML data, resulting in application crashes and denial of service. \n \n \n\n**CVE-2016-4448** \n--- \n**Severity / CVSSv2** | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 90856](<https://www.securityfocus.com/bid/90856>) / NVD: [CVE-2016-4448](<https://nvd.nist.gov/vuln/detail/CVE-2016-4448>) \n**Impact** | Unspecified \n**Description** | A flaw in format string handling allows an attacker to have unspecified impact via unspecified attack vectors. 
\n \n \n\n**CVE-2016-4449** \n--- \n**Severity / CVSSv2** | Medium / 5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P) \n**References** | SecurityFocus: [BID 90865](<https://www.securityfocus.com/bid/90865>) / NVD: [CVE-2016-4449](<https://nvd.nist.gov/vuln/detail/CVE-2016-4449>) \n**Impact** | Information disclosure, denial of service \n**Description** | A flaw in the XML parser allows a remote attacker to read arbitrary files or cause denial of service through resource consumption. \n \n \n\n**CVE-2016-4483** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 76510](<https://www.securityfocus.com/bid/76510>) / NVD: [CVE-2016-4483](<https://nvd.nist.gov/vuln/detail/CVE-2015-4483>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in the XML parser in recovery mode allows a remote attacker to cause a buffer overread via crafted XML data, resulting in arbitrary code execution or denial of service through memory corruption. \n \n \n\n### MITIGATION\n\nBlue Coat's ProxySG appliance running SGOS 6.6.4 or a later release can protect customer networks against attacks using all CVEs, except CVE-2016-1834, CVE-2016-1840, CVE-2016-3627, and CVE-2016-4448. ProxySG deployed as a reverse proxy can protect network hosts behind it by blocking the malformed XML payload used in these attacks. Customers can use the following CPL syntax introduced in SGOS 6.6.4:\n \n \n <proxy>\n http.request.detection.xml.invalid(block)\n\n \n\n### REVISION\n\n2021-08-27 WSS Agent is not vulnerable. \n2021-06-07 A fix for SSLV 5.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-12-10 A fix for ASG 7.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-17 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. 
Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. \n2020-04-27 Security Analytics 8.1 is vulnerable to CVE-2016-4483. SSL Visibility (SSLV) 4.5 has a vulnerable version of libxml2, but is not vulnerable to known vectors of attack. Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1. Fixes will not be provided for Industrial Control System Protection (ICSP) 5.3, Reporter 10.3, Reporter 10.4, and SSL Visibility (SSLV) 3.9. Please upgrade to later versions with the vulnerability fixes. \n2020-04-03 A fix will not be provided for CVE-2016-4483 in PacketShaper S-Series. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Please switch to a version of SSG with the vulnerability fixes. A fix will not be provided for CVE-2016-4483 in PolicyCenter S-Series. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Please switch to a version of NetXplorer with the vulnerability fixes. \n2019-10-03 Web Isolation is not vulnerable. \n2019-08-30 Reporter 10.4 has a vulnerable version of libxml2, but is not vulnerable to known vectors of attack. \n2019-08-07 A fix for ASG 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-06 A fix for Reporter 10.1 and 10.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-02-04 A fix for CA 1.3 and 2.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-29 ICSP 5.4 is not vulnerable because a fix is available in 5.4.1. \n2019-01-21 SA 7.3 starting with 7.3.2 and 8.0 are vulnerable to CVE-2016-4483. \n2019-01-18 SSLV 4.4 is not vulnerable. SSLV 5.0 has a vulnerable version of libxml2, but is not vulnerable to known vectors of attack. 
\n2019-01-14 A fix for CVE-2016-4483 in MC 1.11 will not be provided. Please upgrade to a later version with the vulnerability fixes. Reporter 10.3 has a vulnerable version in libxml2, but is not vulnerable to known vectors of attack \n2019-01-11 A fix for CVE-2016-4483 in CA 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-08-03 Customers who use NSP for USB cleaning can switch to a version of Industrial Control System Protection (ICSP) with fixes. \n2018-07-27 A fix for CVE-2016-4448 in MA 4.2 is available in 4.2.12. \n2018-07-24 MC 2.0 is not vulnerable because a fix for CVE-2016-4483 is available in 2.0.1.1. \n2018-07-02 A fix for CVE 2016-4483 in SSLV 4.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-06-30 A fix for SSLV 4.3 is available in 4.3.1.1. \n2018-06-29 A fix for Norman Shark Network Protection (NNP) 5.3 and Norman Shark SCADA Protection (NSP) 5.3 will not be provided. \n2018-06-26 A fix for AuthConnector is available in 2.5.5500. \n2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-22 CAS 2.3 is not vulnerable because a fix is available in 2.3.1.1. PacketShaper S-Series 11.10 and Reporter 10.2 have a vulnerable version of libxml2, but are not vulnerable to known vectors of attack. \n2018-04-06 A fix for all CVEs except CVE-2016-4448 in SSLV 3.9 is available in 3.9.4.1. A fix for all CVEs except CVE-2016-4448 is available in Packetshaper S-Series 11.7 and 11.8. \n2018-02-22 A fix for CVE-2016-4448 in SSLV 3.10 is available in 3.10.4.1. \n2017-11-16 A fix for PS S-Series 11.5, 11.7, and 11.8 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-11-16 A fix for SSLV 3.9 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-11-15 SSLV 3.12 is not vulnerable because a fix is available in 3.12.1.1. 
\n2017-11-15 SSLV 4.2 has a vulnerable version of libxml2, but is not vulnerable to known vectors of attack. A fix is not available at this time. \n2017-11-08 CAS 2.2 is vulnerable to CVE-2016-4483. \n2017-11-07 MC 1.11 has a vulnerable version of libxml2, but is not vulnerable to known vectors of attack. A fix for MC 1.10 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-11-06 ASG 6.6 starting with 6.6.5.2 has a vulnerable version of libxml2 for all CVEs, but is not vulnerable to known vectors of attack. ASG 6.7 is vulnerable to CVE-2016-4483. \n2017-08-03 SSLV 4.1 has a vulnerable version of libxml2, but is not vulnerable to known vectors of attack. A fix is not available at this time. \n2017-07-25 PS S-Series 11.9 has a vulnerable version of libxml2, but is not vulnerable to known vectors of attack. A fix is not available at this time. \n2017-07-21 MC 1.10 has a vulnerable version of libxml2, but is not vulnerable to known vectors of attack. A fix for MC 1.9 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2017-07-10 A fix for CVE-2016-4448 in SSLV 3.11 is available in 3.11.4.1. \n2017-06-22 Security Analytics 7.3 is not vulnerable. \n2017-06-05 PS S-Series 11.7 and 11.8 have a vulnerable version of libxml2. PS S-Series is not vulnerable to known vectors of attack. \n2017-05-18 CAS 2.1 is vulnerable to CVE-2016-4483. \n2017-03-30 MC 1.9 has a vulnerable version of libxml2 for CVE-2016-4483, but is not vulnerable to known vectors of attack. \n2017-03-08 A fix for all CVEs except CVE-2016-4483 in PolicyCenter S-Series 1.1 is available in 1.1.3.1. \n2017-03-08 MC 1.8 and SSLV 4.0 have a vulnerable version of libxml2, but are not vulnerable to known vectors of attack. ProxySG 6.7 is not vulnerable. Previously, it was reported that a fix for all CVEs in PacketShaper S-Series 11.6 is available in 11.6.1.3. 
Further investigation has shown that all versions of PS S-Series still have a vulnerable version of libxml2 for CVE-2016-4483. PS S-Series is not vulnerable to known vectors of attack. \n2017-01-25 A fix for SA 7.2 is available in 7.2.2. \n2017-01-24 A fix for all CVEs except CVE-2016-4483 in CAS 1.3 is available in 1.3.7.3. \n2017-01-10 A fix for all CVEs except CVE-2015-4483 in Reporter 10.1 is available in 10.1.5.1. \n2016-12-19 A fix for all CVEs except CVE-2016-4448 is available in MAA 4.2.11. \n2016-12-02 SSLV 3.11 is vulnerable to CVE-2016-4448. A fix is not available at this time. \n2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable. \n2016-11-14 MC 1.6 and 1.7 have a vulnerable version of libxml2. A fix for all CVEs except CVE-2015-4483 is available in 1.7.2.1. \n2016-11-11 SSLV 3.10 is vulnerable to CVE-2016-4448. A fix is not available at this time. \n2016-10-24 Clarified that Security Analytics 7.2 is vulnerable. A fix is available through a patch RPM from Blue Coat Support. \n2016-10-24 A fix for ASG is available in 6.6.5.2. \n2016-10-24 A fix for ProxySG 6.6 is available in 6.6.5.2. \n2016-10-18 A fix for ProxySG 6.5 is available in 6.5.9.12. \n2016-09-14 Fixes for Security Analytics 6.6, 7.1, and 7.2 are available through patch RPMs from Blue Coat Support. \n2016-09-14 A fix for PacketShaper S-Series 11.6 is available in 11.6.1.3. \n2016-09-14 Clarified wording in Workarounds sections. 
\n2016-09-01 initial public release\n\n \n\n \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-09-01T08:00:00", "type": "symantec", "title": "SA129 : Multiple libxml2 Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4483", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4483"], "modified": "2022-01-10T19:50:02", "id": "SMNTC-1377", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:26:53", "description": "It was discovered that libxml2 incorrectly handled certain malformed \ndocuments. If a user or automated system were tricked into opening a \nspecially crafted document, an attacker could possibly cause libxml2 to \ncrash, resulting in a denial of service. 
(CVE-2015-8806, CVE-2016-2073, \nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447)\n\nIt was discovered that libxml2 incorrectly handled certain malformed \ndocuments. If a user or automated system were tricked into opening a \nspecially crafted document, an attacker could cause libxml2 to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2016-1762, CVE-2016-1834)\n\nMateusz Jurczyk discovered that libxml2 incorrectly handled certain \nmalformed documents. If a user or automated system were tricked into \nopening a specially crafted document, an attacker could cause libxml2 to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain \nmalformed documents. If a user or automated system were tricked into \nopening a specially crafted document, an attacker could cause libxml2 to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2016-1835, CVE-2016-1837)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain \nmalformed documents. If a user or automated system were tricked into \nopening a specially crafted document, an attacker could cause libxml2 to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and \nUbuntu 16.04 LTS. (CVE-2016-1836)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain \nmalformed documents. If a user or automated system were tricked into \nopening a specially crafted document, an attacker could cause libxml2 to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2016-1840)\n\nIt was discovered that libxml2 would load certain XML external entities. 
If \na user or automated system were tricked into opening a specially crafted \ndocument, an attacker could possibly obtain access to arbitrary files or \ncause resource consumption. (CVE-2016-4449)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain \nmalformed documents. If a user or automated system were tricked into \nopening a specially crafted document, an attacker could possibly cause \nlibxml2 to crash, resulting in a denial of service. (CVE-2016-4483)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-06T00:00:00", "type": "ubuntu", "title": "libxml2 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1836", "CVE-2015-8806", "CVE-2016-1838", "CVE-2016-4447", "CVE-2016-4483", "CVE-2016-1762", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-1839", "CVE-2016-1835", "CVE-2016-1833", "CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1834", "CVE-2016-2073", "CVE-2016-3627"], "modified": "2016-06-06T00:00:00", "id": "USN-2994-1", "href": "https://ubuntu.com/security/notices/USN-2994-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], 
"apple": [{"lastseen": "2020-12-24T20:42:06", "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## watchOS 2.2.1\n\n * **CommonCrypto**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An issue existed in the handling of return values in CCCrypt. 
This issue was addressed through improved key length management.\n\nCVE-ID\n\nCVE-2016-1802 : Klaus Rodewig\n\n * **CoreCapture**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro\u2019s Zero Day Initiative\n\n * **Disk Images**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1807 : Ian Beer of Google Project Zero\n\n * **Disk Images**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the parsing of disk images. 
This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1811 : Lander Brandt (@landaire)\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1818: Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro\u2019s Zero Day Initiative\n\nEntry updated December 13, 2016\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1819 : Ian Beer of Google Project Zero\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1813 : Ian Beer of Google Project Zero\n\n * **IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1823 : Ian Beer of Google Project Zero\n\nCVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n * **Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1827 : Brandon Azad\n\nCVE-2016-1828 : Brandon Azad\n\nCVE-2016-1829 : CESG\n\nCVE-2016-1830 : Brandon Azad\n\n * **libc**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1832 : Karl Williamson\n\n * **libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1833 : Mateusz Jurczyk\n\nCVE-2016-1834 : Apple\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1838 : Mateusz Jurczyk\n\nCVE-2016-1839 : Mateusz Jurczyk\n\nCVE-2016-1840 : Kostya Serebryany\n\n * **libxslt**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory 
handling.\n\nCVE-ID\n\nCVE-2016-1841 : Sebastian Apelt\n\n * **MapKit**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links.\n\nCVE-ID\n\nCVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)\n\n * **OpenGL**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-23T03:54:39", "title": "About the security content of watchOS 2.2.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1841", "CVE-2016-1830", 
"CVE-2016-1840", "CVE-2016-1824", "CVE-2016-1836", "CVE-2016-1808", "CVE-2016-1807", "CVE-2016-1834", "CVE-2016-1847", "CVE-2016-1828", "CVE-2016-1842", "CVE-2016-1802", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1823", "CVE-2016-1832", "CVE-2016-1819", "CVE-2016-1839", "CVE-2016-1803", "CVE-2016-1817", "CVE-2016-1813", "CVE-2016-1827", "CVE-2016-1833", "CVE-2016-1818", "CVE-2016-1811", "CVE-2016-1829"], "modified": "2017-01-23T03:54:39", "id": "APPLE:HT206566", "href": "https://support.apple.com/kb/HT206566", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:10", "description": "# About the security content of watchOS 2.2.1\n\nThis document describes the security content of watchOS 2.2.1.\n\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## watchOS 2.2.1\n\n * **CommonCrypto**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An issue existed in the handling of return values in CCCrypt. 
This issue was addressed through improved key length management.\n\nCVE-ID\n\nCVE-2016-1802 : Klaus Rodewig\n\n * **CoreCapture**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro\u2019s Zero Day Initiative\n\n * **Disk Images**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1807 : Ian Beer of Google Project Zero\n\n * **Disk Images**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the parsing of disk images. 
This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ImageIO**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1811 : Lander Brandt (@landaire)\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1818: Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro\u2019s Zero Day Initiative\n\nEntry updated December 13, 2016\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1819 : Ian Beer of Google Project Zero\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1813 : Ian Beer of Google Project Zero\n\n * **IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1823 : Ian Beer of Google Project Zero\n\nCVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n * **Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1827 : Brandon Azad\n\nCVE-2016-1828 : Brandon Azad\n\nCVE-2016-1829 : CESG\n\nCVE-2016-1830 : Brandon Azad\n\n * **libc**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1832 : Karl Williamson\n\n * **libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1833 : Mateusz Jurczyk\n\nCVE-2016-1834 : Apple\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1838 : Mateusz Jurczyk\n\nCVE-2016-1839 : Mateusz Jurczyk\n\nCVE-2016-1840 : Kostya Serebryany\n\n * **libxslt**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory 
handling.\n\nCVE-ID\n\nCVE-2016-1841 : Sebastian Apelt\n\n * **MapKit**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links.\n\nCVE-ID\n\nCVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)\n\n * **OpenGL**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2017\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-16T00:00:00", "type": "apple", "title": "About the security content of watchOS 2.2.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1813", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1832", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1841", "CVE-2016-1842", "CVE-2016-1847"], "modified": "2016-05-16T00:00:00", "id": "APPLE:888E607C6699469D7890D958FC8D36F7", "href": "https://support.apple.com/kb/HT206566", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:11", "description": "# About the security content of tvOS 9.2.1\n\nThis document describes the security content of tvOS 
9.2.1.\n\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## tvOS 9.2.1\n\n * **CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.\n\nCVE-ID\n\nCVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security\n\n * **CommonCrypto**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An issue existed in the handling of return values in CCCrypt. 
This issue was addressed through improved key length management.\n\nCVE-ID\n\nCVE-2016-1802 : Klaus Rodewig\n\n * **CoreCapture**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro\u2019s Zero Day Initiative\n\n * **Disk Images**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read kernel memory\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1807 : Ian Beer of Google Project Zero\n\n * **Disk Images**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1811 : Lander Brandt (@landaire)\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1818: Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro\u2019s Zero Day Initiative\n\nEntry updated December 13, 2016\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple TV 
(4th generation)\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1814 : Juwei Lin of TrendMicro\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1819 : Ian Beer of Google Project Zero\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1813 : Ian Beer of Google Project Zero\n\n * **IOHIDFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1823 : Ian Beer of Google Project Zero\n\nCVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HPs Zero Day Initiative\n\n * **Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1827 : Brandon Azad\n\nCVE-2016-1828 : Brandon Azad\n\nCVE-2016-1829 : CESG\n\nCVE-2016-1830 : Brandon Azad\n\n * **libc**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1832 : Karl Williamson\n\n * 
**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1833 : Mateusz Jurczyk\n\nCVE-2016-1834 : Apple\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1838 : Mateusz Jurczyk\n\nCVE-2016-1839 : Mateusz Jurczyk\n\nCVE-2016-1840 : Kostya Serebryany\n\n * **libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1841 : Sebastian Apelt\n\n * **OpenGL**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\n * **WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may disclose data from another website\n\nDescription: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking.\n\nCVE-ID\n\nCVE-2016-1858 : an anonymous researcher\n\n * **WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-1856 : lokihardt working with 
Trend Micro's Zero Day Initiative\n\nCVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n\n * **WebKit Canvas**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2017\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-16T00:00:00", "type": "apple", "title": "About the security content of tvOS 9.2.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1801", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1813", "CVE-2016-1814", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1832", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1841", "CVE-2016-1847", "CVE-2016-1854", "CVE-2016-1855", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1858", "CVE-2016-1859", "CVE-2016-4650"], "modified": "2016-05-16T00:00:00", "id": "APPLE:D2896F9EF4E86DBA2ADA7F8FB613BAEF", "href": "https://support.apple.com/kb/HT206564", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:24", "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## tvOS 9.2.1\n\n * **CFNetwork Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: An information leak existed in the handling of HTTP and HTTPS requests. 
This issue was addressed through improved URL handling.\n\nCVE-ID\n\nCVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security\n\n * **CommonCrypto**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management.\n\nCVE-ID\n\nCVE-2016-1802 : Klaus Rodewig\n\n * **CoreCapture**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro\u2019s Zero Day Initiative\n\n * **Disk Images**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read kernel memory\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1807 : Ian Beer of Google Project Zero\n\n * **Disk Images**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the parsing of disk images. 
This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1811 : Lander Brandt (@landaire)\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1818: Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro\u2019s Zero Day Initiative\n\nEntry updated December 13, 2016\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1814 : Juwei Lin of TrendMicro\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1819 : Ian Beer of Google Project Zero\n\n * **IOAcceleratorFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1813 : Ian Beer of Google Project Zero\n\n * **IOHIDFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code 
with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1823 : Ian Beer of Google Project Zero\n\nCVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HP's Zero Day Initiative\n\n * **Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1827 : Brandon Azad\n\nCVE-2016-1828 : Brandon Azad\n\nCVE-2016-1829 : CESG\n\nCVE-2016-1830 : Brandon Azad\n\n * **libc**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1832 : Karl Williamson\n\n * **libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1833 : Mateusz Jurczyk\n\nCVE-2016-1834 : Apple\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1838 : Mateusz Jurczyk\n\nCVE-2016-1839 : Mateusz Jurczyk\n\nCVE-2016-1840 : Kostya Serebryany\n\n * **libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1841 : Sebastian Apelt\n\n * **OpenGL**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing 
maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\n * **WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may disclose data from another website\n\nDescription: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking.\n\nCVE-ID\n\nCVE-2016-1858 : an anonymous researcher\n\n * **WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n\n * **WebKit Canvas**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, 
"published": "2017-01-23T03:54:40", "title": "About the security content of tvOS 9.2.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1841", "CVE-2016-1830", "CVE-2016-1840", "CVE-2016-1858", "CVE-2016-1824", "CVE-2016-1836", "CVE-2016-1808", "CVE-2016-1807", "CVE-2016-1855", "CVE-2016-1834", "CVE-2016-1847", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1828", "CVE-2016-1802", "CVE-2016-1837", "CVE-2016-1859", "CVE-2016-1838", "CVE-2016-1823", "CVE-2016-1832", "CVE-2016-1819", "CVE-2016-1839", "CVE-2016-1814", "CVE-2016-4650", "CVE-2016-1854", "CVE-2016-1803", "CVE-2016-1817", "CVE-2016-1813", "CVE-2016-1801", "CVE-2016-1827", "CVE-2016-1833", "CVE-2016-1818", "CVE-2016-1811", "CVE-2016-1829"], "modified": "2017-01-23T03:54:40", "id": "APPLE:HT206564", "href": "https://support.apple.com/kb/HT206564", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:30", "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. 
To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## iOS 9.3.2\n\n * **Accessibility**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An out-of-bounds read issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1790 : Rapelly Akhil\n\n * **CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.\n\nCVE-ID\n\nCVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security\n\n * **CommonCrypto**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An issue existed in the handling of return values in CCCrypt. 
This issue was addressed through improved key length management.\n\nCVE-ID\n\nCVE-2016-1802 : Klaus Rodewig\n\n * **CoreCapture**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro\u2019s Zero Day Initiative\n\n * **Disk Images**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1807 : Ian Beer of Google Project Zero\n\n * **Disk Images**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the parsing of disk images. 
This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1811 : Lander Brandt (@landaire)\n\n * **IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1818: Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2016-1819 : Ian Beer of Google Project Zero\n\nEntry updated December 13, 2016\n\n * **IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1814 : Juwei Lin of TrendMicro\n\n * **IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1813 : Ian Beer of Google Project Zero\n\n * **IOHIDFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary 
code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1823 : Ian Beer of Google Project Zero\n\nCVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HP's Zero Day Initiative\n\n * **Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1827 : Brandon Azad\n\nCVE-2016-1828 : Brandon Azad\n\nCVE-2016-1829 : CESG\n\nCVE-2016-1830 : Brandon Azad\n\nCVE-2016-1831 : Brandon Azad\n\n * **libc**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1832 : Karl Williamson\n\n * **libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1833 : Mateusz Jurczyk\n\nCVE-2016-1834 : Apple\n\nCVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1838 : Mateusz Jurczyk\n\nCVE-2016-1839 : Mateusz Jurczyk\n\nCVE-2016-1840 : Kostya Serebryany\n\n * **libxslt**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 
and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1841 : Sebastian Apelt\n\n * **MapKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links.\n\nCVE-ID\n\nCVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)\n\n * **OpenGL**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\n * **Safari**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A user may be unable to fully delete browsing history\n\nDescription: \"Clear History and Website Data\" did not clear the history. The issue was addressed through improved data deletion.\n\nCVE-ID\n\nCVE-2016-1849 : an anonymous researcher\n\n * **Siri**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A person with physical access to an iOS device may be able to use Siri to access contacts and photos from the lock screen\n\nDescription: A state management issue existed when accessing Siri results on the lock screen. 
This issue was addressed by disabling data detectors in Twitter results when the device is locked.\n\nCVE-ID\n\nCVE-2016-1852 : videosdebarraquito\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may disclose data from another website\n\nDescription: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking.\n\nCVE-ID\n\nCVE-2016-1858 : an anonymous researcher\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1857 : Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n\n * **WebKit Canvas**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", 
"version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-23T03:54:39", "title": "About the security content of iOS 9.3.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1841", "CVE-2016-1831", "CVE-2016-1830", "CVE-2016-1840", "CVE-2016-1858", "CVE-2016-1824", "CVE-2016-1836", "CVE-2016-1808", "CVE-2016-1807", "CVE-2016-1855", "CVE-2016-1834", "CVE-2016-1847", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1828", "CVE-2016-1849", "CVE-2016-1835", "CVE-2016-1842", "CVE-2016-1802", "CVE-2016-1790", "CVE-2016-1837", "CVE-2016-1859", "CVE-2016-1838", "CVE-2016-1823", "CVE-2016-1832", "CVE-2016-1819", "CVE-2016-1839", "CVE-2016-1814", "CVE-2016-4650", "CVE-2016-1854", "CVE-2016-1803", "CVE-2016-1817", "CVE-2016-1813", "CVE-2016-1801", "CVE-2016-1852", "CVE-2016-1827", "CVE-2016-1833", "CVE-2016-1818", "CVE-2016-1811", "CVE-2016-1829"], "modified": "2017-01-23T03:54:39", "id": "APPLE:HT206568", "href": "https://support.apple.com/kb/HT206568", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:10", "description": "# About the security content of iOS 9.3.2\n\nThis document describes the security content of iOS 9.3.2.\n\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. 
To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## iOS 9.3.2\n\n * **Accessibility**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An out-of-bounds read issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1790 : Rapelly Akhil\n\n * **CFNetwork Proxies**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.\n\nCVE-ID\n\nCVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security\n\n * **CommonCrypto**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An issue existed in the handling of return values in CCCrypt. 
This issue was addressed through improved key length management.\n\nCVE-ID\n\nCVE-2016-1802 : Klaus Rodewig\n\n * **CoreCapture**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro\u2019s Zero Day Initiative\n\n * **Disk Images**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1807 : Ian Beer of Google Project Zero\n\n * **Disk Images**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the parsing of disk images. 
This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ImageIO**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1811 : Lander Brandt (@landaire)\n\n * **IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1818: Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2016-1819 : Ian Beer of Google Project Zero\n\nEntry updated December 13, 2016\n\n * **IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1814 : Juwei Lin of TrendMicro\n\n * **IOAcceleratorFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1813 : Ian Beer of Google Project Zero\n\n * **IOHIDFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary 
code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1823 : Ian Beer of Google Project Zero\n\nCVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HP's Zero Day Initiative\n\n * **Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1827 : Brandon Azad\n\nCVE-2016-1828 : Brandon Azad\n\nCVE-2016-1829 : CESG\n\nCVE-2016-1830 : Brandon Azad\n\nCVE-2016-1831 : Brandon Azad\n\n * **libc**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1832 : Karl Williamson\n\n * **libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1833 : Mateusz Jurczyk\n\nCVE-2016-1834 : Apple\n\nCVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1838 : Mateusz Jurczyk\n\nCVE-2016-1839 : Mateusz Jurczyk\n\nCVE-2016-1840 : Kostya Serebryany\n\n * **libxslt**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 
and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1841 : Sebastian Apelt\n\n * **MapKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links.\n\nCVE-ID\n\nCVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)\n\n * **OpenGL**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\n * **Safari**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A user may be unable to fully delete browsing history\n\nDescription: \"Clear History and Website Data\" did not clear the history. The issue was addressed through improved data deletion.\n\nCVE-ID\n\nCVE-2016-1849 : an anonymous researcher\n\n * **Siri**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A person with physical access to an iOS device may be able to use Siri to access contacts and photos from the lock screen\n\nDescription: A state management issue existed when accessing Siri results on the lock screen. 
This issue was addressed by disabling data detectors in Twitter results when the device is locked.\n\nCVE-ID\n\nCVE-2016-1852 : videosdebarraquito\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may disclose data from another website\n\nDescription: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking.\n\nCVE-ID\n\nCVE-2016-1858 : an anonymous researcher\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nCVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1857 : Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n\n * **WebKit Canvas**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2017\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-16T00:00:00", "type": "apple", "title": "About the security content of iOS 9.3.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1790", "CVE-2016-1801", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1813", "CVE-2016-1814", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1831", "CVE-2016-1832", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1841", "CVE-2016-1842", "CVE-2016-1847", "CVE-2016-1849", "CVE-2016-1852", "CVE-2016-1854", "CVE-2016-1855", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1858", "CVE-2016-1859", "CVE-2016-4650"], "modified": "2016-05-16T00:00:00", "id": "APPLE:3299E9EFA9B676AE490ABAACC350C359", "href": 
"https://support.apple.com/kb/HT206568", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:21", "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## OS X El Capitan v10.11.5 and Security Update 2016-003\n\n * **AMD**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1792 : beist and ABH of BoB\n\n * **AMD**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1791 : daybreaker of Minionz\n\n * **apache_mod_php**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in PHP\n\nDescription: Multiple vulnerabilities existed in PHP versions prior to 5.5.34. 
These were addressed by updating PHP to version 5.5.34.\n\nCVE-ID\n\nCVE-2015-8865\n\nCVE-2016-3141\n\nCVE-2016-3142\n\nCVE-2016-4070\n\nCVE-2016-4071\n\nCVE-2016-4072\n\nCVE-2016-4073\n\n * **AppleGraphicsControl**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1793 : Ian Beer of Google Project Zero\n\nCVE-2016-1794 : Ian Beer of Google Project Zero\n\n * **AppleGraphicsPowerManagement**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ATS**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: An out of bounds memory access issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1796 : lokihardt working with Trend Micro's Zero Day Initiative\n\n * **ATS**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An issue existed in the sandbox policy. 
This was addressed by sandboxing FontValidator.\n\nCVE-ID\n\nCVE-2016-1797 : lokihardt working with Trend Micro's Zero Day Initiative\n\n * **Audio**\n\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1798 : Juwei Lin of TrendMicro\n\n * **Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1799 : Juwei Lin of TrendMicro\n\n * **Captive Network Assistant**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance\n\nDescription: A custom URL scheme handling issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1800 : Apple\n\n * **CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.\n\nCVE-ID\n\nCVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security\n\n * **CommonCrypto**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An issue existed in the handling of return values in CCCrypt. 
This issue was addressed through improved key length management.\n\nCVE-ID\n\nCVE-2016-1802 : Klaus Rodewig\n\n * **CoreCapture**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro\u2019s Zero Day Initiative\n\n * **CoreStorage**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A configuration issue was addressed through additional restrictions.\n\nCVE-ID\n\nCVE-2016-1805 : Stefan Esser\n\n * **Crash Reporter**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A configuration issue was addressed through additional restrictions.\n\nCVE-ID\n\nCVE-2016-1806 : lokihardt working with Trend Micro's Zero Day Initiative\n\n * **Disk Images**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1807 : Ian Beer of Google Project Zero\n\n * **Disk Images**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **Disk Utility**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Disk Utility failed to compress and encrypt disk images\n\nDescription: Incorrect keys were being used to encrypt disk images. 
This issue was addressed by updating the encryption keys.\n\nCVE-ID\n\nCVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of TechSmartKids\n\n * **Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1811 : Lander Brandt (@landaire)\n\n * **Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1812 : Juwei Lin of TrendMicro\n\n * **Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: Multiple access issues were addressed through additional restrictions.\n\nCVE-ID\n\nCVE-2016-1860 : Brandon Azad and Qidan He (@flanker_hqd) from KeenLab, Tencent\n\nCVE-2016-1862 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n * **IOAcceleratorFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1814 : Juwei Lin of TrendMicro\n\n * **IOAcceleratorFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory 
corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1818: Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2016-1819 : Ian Beer of Google Project Zero\n\nEntry updated December 13, 2016\n\n * **IOAcceleratorFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1813 : Ian Beer of Google Project Zero\n\nCVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of Trend Micro\n\n * **IOAudioFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n * **IOAudioFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1821 : Ian Beer of Google Project Zero\n\n * **IOFireWireFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1822 : CESG\n\n * **IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be 
able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1823 : Ian Beer of Google Project Zero\n\nCVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HPs Zero Day Initiative\n\n * **IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1825 : Brandon Azad\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1827 : Brandon Azad\n\nCVE-2016-1828 : Brandon Azad\n\nCVE-2016-1829 : CESG\n\nCVE-2016-1830 : Brandon Azad\n\nCVE-2016-1831 : Brandon Azad\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow existed in dtrace. 
This issue was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1826 : Ben Murphy working with Trend Micro\u2019s Zero Day Initiative\n\n * **libc**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1832 : Karl Williamson\n\n * **libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1833 : Mateusz Jurczyk\n\nCVE-2016-1834 : Apple\n\nCVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1838 : Mateusz Jurczyk\n\nCVE-2016-1839 : Mateusz Jurczyk\n\nCVE-2016-1840 : Kostya Serebryany\n\n * **libxslt**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1841 : Sebastian Apelt\n\n * **MapKit**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Shared links were sent with HTTP rather than HTTPS. 
This was addressed by enabling HTTPS for shared links.\n\nCVE-ID\n\nCVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)\n\n * **Messages**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious server or user may be able to modify another user's contact list\n\nDescription: A validation issue existed in roster changes. This issue was addressed through improved validation of roster sets.\n\nCVE-ID\n\nCVE-2016-1844 : Thijs Alkemade of Computest\n\n * **Messages**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to leak sensitive user information\n\nDescription: An encoding issue existed in filename parsing. This issue was addressed through improved filename encoding.\n\nCVE-ID\n\nCVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team [http://www.knownsec.com]\n\n * **Multi-Touch**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab, Tencent of Trend Micro's Zero Day Initiative\n\n * **NVIDIA Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1846 : Ian Beer of Google Project Zero\n\nCVE-2016-1861 : Ian Beer of Google Project Zero\n\n * **OpenGL**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto 
Networks\n\n * **QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1848 : Francis Provencher from COSIG\n\n * **SceneKit**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1850 : Tyler Bohan of Cisco Talos\n\n * **Screen Lock**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A person with physical access to a computer may be able to reset an expired password from the lock screen\n\nDescription: An issue existed in the management of password profiles. This issue was addressed through improved password reset handling.\n\nCVE-ID\n\nCVE-2016-1851 : an anonymous researcher\n\n * **Tcl**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A protocol security issue was addressed by disabling SSLv2.\n\nCVE-ID\n\nCVE-2016-1853 : researchers at Tel Aviv University, M\u00fcnster University of Applied Sciences, Ruhr University Bochum, the University of Pennsylvania, the Hashcat project, the University of Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. 
Alex Halderman, Viktor Dukhovni, Emilia K\u00e4sper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt\n\nOS X El Capitan v10.11.5 includes the security content of [Safari 9.1.1](<https://support.apple.com/kb/HT206565>).\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-23T03:54:39", "title": "About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1809", "CVE-2016-1841", "CVE-2016-1831", "CVE-2016-1830", "CVE-2016-1820", "CVE-2016-1840", "CVE-2016-1824", "CVE-2016-1836", "CVE-2016-1851", "CVE-2016-1853", "CVE-2016-1808", "CVE-2016-1807", "CVE-2016-1843", "CVE-2016-1844", "CVE-2016-1815", "CVE-2016-1834", "CVE-2016-1847", "CVE-2016-1791", "CVE-2016-1822", "CVE-2016-1795", "CVE-2015-8865", "CVE-2016-1792", "CVE-2016-1794", "CVE-2016-1828", "CVE-2016-1793", "CVE-2016-1835", "CVE-2016-1842", "CVE-2016-1800", "CVE-2016-1802", "CVE-2016-1860", "CVE-2016-1826", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-4070", "CVE-2016-1823", "CVE-2016-1832", "CVE-2016-1819", 
"CVE-2016-1862", "CVE-2016-1796", "CVE-2016-1846", "CVE-2016-1839", "CVE-2016-1805", "CVE-2016-1814", "CVE-2016-4650", "CVE-2016-1799", "CVE-2016-4073", "CVE-2016-1803", "CVE-2016-1816", "CVE-2016-1797", "CVE-2016-1806", "CVE-2016-1861", "CVE-2016-1825", "CVE-2016-3141", "CVE-2016-1817", "CVE-2016-1813", "CVE-2016-1810", "CVE-2016-4072", "CVE-2016-1801", "CVE-2016-1804", "CVE-2016-1850", "CVE-2016-1848", "CVE-2016-1798", "CVE-2016-1812", "CVE-2016-1827", "CVE-2016-1833", "CVE-2016-4071", "CVE-2016-3142", "CVE-2016-1818", "CVE-2016-1811", "CVE-2016-1829", "CVE-2016-1821"], "modified": "2017-01-23T03:54:39", "id": "APPLE:HT206567", "href": "https://support.apple.com/kb/HT206567", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:01:10", "description": "# About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003\n\nThis document describes the security content of OS X El Capitan v10.11.5 and Security Update 2016-003.\n\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. 
To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## OS X El Capitan v10.11.5 and Security Update 2016-003\n\n * **AMD**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1792 : beist and ABH of BoB\n\n * **AMD**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1791 : daybreaker of Minionz\n\n * **apache_mod_php**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Multiple vulnerabilities in PHP\n\nDescription: Multiple vulnerabilities existed in PHP versions prior to 5.5.34. 
These were addressed by updating PHP to version 5.5.34.\n\nCVE-ID\n\nCVE-2015-8865\n\nCVE-2016-3141\n\nCVE-2016-3142\n\nCVE-2016-4070\n\nCVE-2016-4071\n\nCVE-2016-4072\n\nCVE-2016-4073\n\n * **AppleGraphicsControl**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1793 : Ian Beer of Google Project Zero\n\nCVE-2016-1794 : Ian Beer of Google Project Zero\n\n * **AppleGraphicsPowerManagement**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ATS**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: An out of bounds memory access issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1796 : lokihardt working with Trend Micro's Zero Day Initiative\n\n * **ATS**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An issue existed in the sandbox policy. 
This was addressed by sandboxing FontValidator.\n\nCVE-ID\n\nCVE-2016-1797 : lokihardt working with Trend Micro's Zero Day Initiative\n\n * **Audio**\n\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1798 : Juwei Lin of TrendMicro\n\n * **Audio**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1799 : Juwei Lin of TrendMicro\n\n * **Captive Network Assistant**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance\n\nDescription: A custom URL scheme handling issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1800 : Apple\n\n * **CFNetwork Proxies**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.\n\nCVE-ID\n\nCVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security\n\n * **CommonCrypto**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An issue existed in the handling of return values in CCCrypt. 
This issue was addressed through improved key length management.\n\nCVE-ID\n\nCVE-2016-1802 : Klaus Rodewig\n\n * **CoreCapture**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro\u2019s Zero Day Initiative\n\n * **CoreStorage**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A configuration issue was addressed through additional restrictions.\n\nCVE-ID\n\nCVE-2016-1805 : Stefan Esser\n\n * **Crash Reporter**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A configuration issue was addressed through additional restrictions.\n\nCVE-ID\n\nCVE-2016-1806 : lokihardt working with Trend Micro's Zero Day Initiative\n\n * **Disk Images**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1807 : Ian Beer of Google Project Zero\n\n * **Disk Images**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **Disk Utility**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Disk Utility failed to compress and encrypt disk images\n\nDescription: Incorrect keys were being used to encrypt disk images. 
This issue was addressed by updating the encryption keys.\n\nCVE-ID\n\nCVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of TechSmartKids\n\n * **Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro\n\n * **ImageIO**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1811 : Lander Brandt (@landaire)\n\n * **Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1812 : Juwei Lin of TrendMicro\n\n * **Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: Multiple access issues were addressed through additional restrictions.\n\nCVE-ID\n\nCVE-2016-1860 : Brandon Azad and Qidan He (@flanker_hqd) from KeenLab, Tencent\n\nCVE-2016-1862 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\n * **IOAcceleratorFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved locking.\n\nCVE-ID\n\nCVE-2016-1814 : Juwei Lin of TrendMicro\n\n * **IOAcceleratorFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory 
corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nCVE-2016-1818: Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2016-1819 : Ian Beer of Google Project Zero\n\nEntry updated December 13, 2016\n\n * **IOAcceleratorFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1813 : Ian Beer of Google Project Zero\n\nCVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of Trend Micro\n\n * **IOAudioFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n * **IOAudioFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1821 : Ian Beer of Google Project Zero\n\n * **IOFireWireFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1822 : CESG\n\n * **IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be 
able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1823 : Ian Beer of Google Project Zero\n\nCVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent\n\nCVE-2016-4650 : Peter Pi of Trend Micro working with HPs Zero Day Initiative\n\n * **IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1825 : Brandon Azad\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1827 : Brandon Azad\n\nCVE-2016-1828 : Brandon Azad\n\nCVE-2016-1829 : CESG\n\nCVE-2016-1830 : Brandon Azad\n\nCVE-2016-1831 : Brandon Azad\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow existed in dtrace. 
This issue was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1826 : Ben Murphy working with Trend Micro\u2019s Zero Day Initiative\n\n * **libc**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1832 : Karl Williamson\n\n * **libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1833 : Mateusz Jurczyk\n\nCVE-2016-1834 : Apple\n\nCVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University\n\nCVE-2016-1838 : Mateusz Jurczyk\n\nCVE-2016-1839 : Mateusz Jurczyk\n\nCVE-2016-1840 : Kostya Serebryany\n\n * **libxslt**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Visiting a maliciously crafted website may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1841 : Sebastian Apelt\n\n * **MapKit**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Shared links were sent with HTTP rather than HTTPS. 
This was addressed by enabling HTTPS for shared links.\n\nCVE-ID\n\nCVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)\n\n * **Messages**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A malicious server or user may be able to modify another user's contact list\n\nDescription: A validation issue existed in roster changes. This issue was addressed through improved validation of roster sets.\n\nCVE-ID\n\nCVE-2016-1844 : Thijs Alkemade of Computest\n\n * **Messages**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A remote attacker may be able to leak sensitive user information\n\nDescription: An encoding issue existed in filename parsing. This issue was addressed through improved filename encoding.\n\nCVE-ID\n\nCVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team [http://www.knownsec.com]\n\n * **Multi-Touch**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative\n\n * **NVIDIA Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1846 : Ian Beer of Google Project Zero\n\nCVE-2016-1861 : Ian Beer of Google Project Zero\n\n * **OpenGL**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto 
Networks\n\n * **QuickTime**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1848 : Francis Provencher from COSIG\n\n * **SceneKit**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1850 : Tyler Bohan of Cisco Talos\n\n * **Screen Lock**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: A person with physical access to a computer may be able to reset an expired password from the lock screen\n\nDescription: An issue existed in the management of password profiles. This issue was addressed through improved password reset handling.\n\nCVE-ID\n\nCVE-2016-1851 : an anonymous researcher\n\n * **Tcl**\n\nAvailable for: OS X El Capitan v10.11 and later\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: A protocol security issue was addressed by disabling SSLv2.\n\nCVE-ID\n\nCVE-2016-1853 : researchers at Tel Aviv University, M\u00fcnster University of Applied Sciences, Ruhr University Bochum, the University of Pennsylvania, the Hashcat project, the University of Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. 
Alex Halderman, Viktor Dukhovni, Emilia K\u00e4sper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt\n\nOS X El Capitan v10.11.5 includes the security content of [Safari 9.1.1](<https://support.apple.com/kb/HT206565>).\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-16T00:00:00", "type": "apple", "title": "About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8865", "CVE-2016-1791", "CVE-2016-1792", "CVE-2016-1793", "CVE-2016-1794", "CVE-2016-1795", "CVE-2016-1796", "CVE-2016-1797", "CVE-2016-1798", "CVE-2016-1799", 
"CVE-2016-1800", "CVE-2016-1801", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1804", "CVE-2016-1805", "CVE-2016-1806", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1809", "CVE-2016-1810", "CVE-2016-1811", "CVE-2016-1812", "CVE-2016-1813", "CVE-2016-1814", "CVE-2016-1815", "CVE-2016-1816", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1820", "CVE-2016-1821", "CVE-2016-1822", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1825", "CVE-2016-1826", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1831", "CVE-2016-1832", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1841", "CVE-2016-1842", "CVE-2016-1843", "CVE-2016-1844", "CVE-2016-1846", "CVE-2016-1847", "CVE-2016-1848", "CVE-2016-1850", "CVE-2016-1851", "CVE-2016-1853", "CVE-2016-1860", "CVE-2016-1861", "CVE-2016-1862", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-4070", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-4073", "CVE-2016-4650"], "modified": "2016-05-16T00:00:00", "id": "APPLE:004B37C869B56A0F993458CA68A5A5C1", "href": "https://support.apple.com/kb/HT206567", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}