ID

VAR-201205-0195


CVE

CVE-2011-3102


TITLE

Google Chrome ‘ libxml2 ’ Security hole

Trust: 0.6

sources: CNNVD: CNNVD-201205-257

DESCRIPTION

Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 19 are vulnerable. For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze4. For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-9.1. We recommend that you upgrade your libxml2 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. The verification of md5 checksums and GPG signatures is performed automatically for you. Summary: Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis 665963 - CVE-2010-4494 libxml2: double-free in XPath processing code 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS 822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation 880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2010-4494.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2821.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3102.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://www.redhat.com/security/data/cve/CVE-2012-0841.html https://www.redhat.com/security/data/cve/CVE-2012-5134.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. ============================================================================ Ubuntu Security Notice USN-1447-1 May 21, 2012 libxml2 vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. Software Description: - libxml2: GNOME XML library Details: Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.1 Ubuntu 11.10: libxml2 2.7.8.dfsg-4ubuntu0.3 Ubuntu 11.04: libxml2 2.7.8.dfsg-2ubuntu0.4 Ubuntu 10.04 LTS: libxml2 2.7.6.dfsg-1ubuntu1.5 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.9 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-18-2 iOS 7 iOS 7 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Root certificates have been updated Description: Several certificates were added to or removed from the list of system roots. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team CoreMedia Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative Data Protection Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Apps could bypass passcode-attempt restrictions Description: A privilege separation issue existed in Data Protection. An app within the third-party sandbox could repeatedly attempt to determine the user's passcode regardless of the user's "Erase Data" setting. This issue was addressed by requiring additional entitlement checks. CVE-ID CVE-2013-0957 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University Data Security Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates. CVE-ID CVE-2013-5134 dyld Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking. CVE-ID CVE-2013-3950 : Stefan Esser File Systems Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker who can mount a non-HFS filesystem may be able to cause an unexpected system termination or arbitrary code execution with kernel privileges Description: A memory corruption issue existed in the handling of AppleDouble files. This issue was addressed by removing support for AppleDouble files. CVE-ID CVE-2013-3955 : Stefan Esser ImageIO Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team IOKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Background applications could inject user interface events into the foreground app Description: It was possible for background applications to inject user interface events into the foreground application using the task completion or VoIP APIs. This issue was addressed by enforcing access controls on foreground and background processes that handle interface events. CVE-ID CVE-2013-5137 : Mackenzie Straight at Mobile Labs IOKitUser Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious local application could cause an unexpected system termination Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking. CVE-ID CVE-2013-5138 : Will Estes IOSerialFamily Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-5139 : @dent1zt IPSec Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may intercept data protected with IPSec Hybrid Auth Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by improved certificate checking. CVE-ID CVE-2013-1028 : Alexander Traud of www.traud.de Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker can cause a device to unexpectedly restart Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments. CVE-ID CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious local application could cause device hang Description: An integer truncation vulnerability in the kernel socket interface could be leveraged to force the CPU into an infinite loop. The issue was addressed by using a larger sized variable. CVE-ID CVE-2013-5141 : CESG Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker on a local network can cause a denial of service Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum. CVE-ID CVE-2011-2391 : Marc Heuse Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Kernel stack memory may be disclosed to local users Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel. CVE-ID CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel. CVE-ID CVE-2013-3953 : Stefan Esser Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-3954 : Stefan Esser Kext Management Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An unauthorized process may modify the set of loaded kernel extensions Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks. CVE-ID CVE-2013-5145 : "Rainbow PRISM" libxml Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla) libxslt Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire Passcode Lock Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A race condition issue existed in the handling of phone calls and SIM card ejection at the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2013-5147 : videosdebarraquito Personal Hotspot Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to join a Personal Hotspot network Description: An issue existed in the generation of Personal Hotspot passwords, resulting in passwords that could be predicted by an attacker to join a user's Personal Hotspot. The issue was addressed by generating passwords with higher entropy. CVE-ID CVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz of University Erlangen-Nuremberg Push Notifications Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: The push notification token may be disclosed to an app contrary to the user's decision Description: An information disclosure issue existed in push notification registration. Apps requesting access to the push notification access received the token before the user approved the app's use of push notifications. This issue was addressed by withholding access to the token until the user has approved access. CVE-ID CVE-2013-5149 : Jack Flintermann of Grouper, Inc. Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of XML files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: History of pages recently visited in an open tab may remain after clearing of history Description: Clearing Safari's history did not clear the back/forward history for open tabs. This issue was addressed by clearing the back/forward history. CVE-ID CVE-2013-5150 Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing files on a website may lead to script execution even when the server sends a 'Content-Type: text/plain' header Description: Mobile Safari sometimes treated files as HTML files even when the server sent a 'Content-Type: text/plain' header. This may lead to cross-site scripting on sites that allow users to upload files. This issue was addressed through improved handling of files when 'Content-Type: text/plain' is set. CVE-ID CVE-2013-5151 : Ben Toews of Github Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may allow an arbitrary URL to be displayed Description: A URL bar spoofing issue existed in Mobile Safari. This issue was addressed through improved URL tracking. CVE-ID CVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS Sandbox Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Applications that are scripts were not sandboxed Description: Third-party applications which used the #! syntax to run a script were sandboxed based on the identity of the script interpreter, not the script. The interpreter may not have a sandbox defined, leading to the application being run unsandboxed. This issue was addressed by creating the sandbox based on the identity of the script. CVE-ID CVE-2013-5154 : evad3rs Sandbox Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Applications can cause a system hang Description: Malicious third-party applications that wrote specific values to the /dev/random device could force the CPU to enter an infinite loop. This issue was addressed by preventing third-party applications from writing to /dev/random. CVE-ID CVE-2013-5155 : CESG Social Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users recent Twitter activity could be disclosed on devices with no passcode. Description: An issue existed where it was possible to determine what Twitter accounts a user had recently interacted with. This issue was resolved by restricting access to the Twitter icon cache. CVE-ID CVE-2013-5158 : Jonathan Zdziarski Springboard Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device in Lost Mode may be able to view notifications Description: An issue existed in the handling of notifications when a device is in Lost Mode. This update addresses the issue with improved lock state management. CVE-ID CVE-2013-5153 : Daniel Stangroom Telephony Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious apps could interfere with or control telephony functionality Description: An access control issue existed in the telephony subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling telephony functionality. This issue was addressed by enforcing access controls on interfaces exposed by the telephony daemon. CVE-ID CVE-2013-5156 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology Twitter Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Sandboxed apps could send tweets without user interaction or permission Description: An access control issue existed in the Twitter subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling Twitter functionality. This issue was addressed by enforcing access controls on interfaces exposed by the Twitter daemon. CVE-ID CVE-2013-5157 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. Serna of the Google Security Team CVE-2013-1001 : Ryan Humenick CVE-2013-1002 : Sergey Glazunov CVE-2013-1003 : Google Chrome Security Team (Inferno) CVE-2013-1004 : Google Chrome Security Team (Martin Barbella) CVE-2013-1005 : Google Chrome Security Team (Martin Barbella) CVE-2013-1006 : Google Chrome Security Team (Martin Barbella) CVE-2013-1007 : Google Chrome Security Team (Inferno) CVE-2013-1008 : Sergey Glazunov CVE-2013-1010 : miaubiz CVE-2013-1037 : Google Chrome Security Team CVE-2013-1038 : Google Chrome Security Team CVE-2013-1039 : own-hero Research working with iDefense VCP CVE-2013-1040 : Google Chrome Security Team CVE-2013-1041 : Google Chrome Security Team CVE-2013-1042 : Google Chrome Security Team CVE-2013-1043 : Google Chrome Security Team CVE-2013-1044 : Apple CVE-2013-1045 : Google Chrome Security Team CVE-2013-1046 : Google Chrome Security Team CVE-2013-1047 : miaubiz CVE-2013-2842 : Cyril Cattiaux CVE-2013-5125 : Google Chrome Security Team CVE-2013-5126 : Apple CVE-2013-5127 : Google Chrome Security Team CVE-2013-5128 : Apple WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to information disclosure Description: An information disclosure issue existed in the handling of the window.webkitRequestAnimationFrame() API. A maliciously crafted website could use an iframe to determine if another site used window.webkitRequestAnimationFrame(). This issue was addressed through improved handling of window.webkitRequestAnimationFrame(). CVE-ID CVE-2013-5159 WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Copying and pasting a malicious HTML snippet may lead to a cross-site scripting attack Description: A cross-site scripting issue existed in the handling of copied and pasted data in HTML documents. This issue was addressed through additional validation of pasted content. CVE-ID CVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c (xysec.com) WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of iframes. This issue was addressed through improved origin tracking. CVE-ID CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: An information disclosure issue existed in XSSAuditor. This issue was addressed through improved handling of URLs. CVE-ID CVE-2013-2848 : Egor Homakov WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Dragging or pasting a selection may lead to a cross-site scripting attack Description: Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. This issue is addressed through additional validation of content before a paste or a drag and drop operation. CVE-ID CVE-2013-5129 : Mario Heiderich WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of URLs. This issue was addressed through improved origin tracking. CVE-ID CVE-2013-5131 : Erling A Ellingsen Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.0". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJSOe4/AAoJEPefwLHPlZEwToUP/jUGETRBdUjwN/gMmQAtl6zN 0VUMbnsNH51Lhsr15p9EHYJUL97pajT0N1gdd8Q2l+2NHkQzQLJziXgsO6VFOX7e GoLNvlbyfoE0Ac9dSm9w7yi2lVf8bjGZKmEH0DAXzZD5s0ThiqPZCjTo8rCODMH2 TyQgkYtcXtrAHYaFe0dceWe3Q0ORu24cuFg0xeqX+7QvzK9mSeJWiN8OtimMzDni 5Dvgn7emHiuI6f3huQ25bEXK4gjN+CGwXg2RhQ7fwm9IeBdLnH1qKrFrrMHIhbrK ibvud5jLS0ltUH+XnfBkoCkBntOO11vYllti8oIGCgaa5NkVkEOKbHy9uh6riGHT KXYU/LfM8tt8Ax6iknn4mYC2QYbv7OIyzSfu/scWbeawsJb4OMx71oJrROTArgQG QthFQvFk7NSe5kQlNz+xQHI5LP/ZSHTKdwT69zPIzjWQBOdcZ+4GQvmMsbKIeZeY I2oIull2C7XYav8B0o+l4WlyEewNCOHQ8znapZnjCRKT/FF/ueG/WO0J4SEWUbQz Kf24sZtFtm51QekPS3vc1XHacqJLELD8ugtgYC3hh9vUqkLV3UxpLKvI8uoOPUDt SCV3qSpaxgBQtJWUZPq0MWVTDJKzX4MEB8e1p4jZAggEzfx9AdT0s7XyGm9H/UsR GowSVGG+cJtvrngVhy3E =dNVy -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2011-3102 // BID: 53540 // VULHUB: VHN-51047 // VULMON: CVE-2011-3102 // PACKETSTORM: 112989 // PACKETSTORM: 124932 // PACKETSTORM: 121130 // PACKETSTORM: 119960 // PACKETSTORM: 112910 // PACKETSTORM: 114014 // PACKETSTORM: 123307 // PACKETSTORM: 123339

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:5.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:googlemodel:chromescope:lteversion:19.0.1084.45

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:6.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.4

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:12.0.742.100

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura communication manager sp5scope:eqversion:5.2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:16.0.912.75

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:17.0.963.60

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.1

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:5.2

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.127

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.3

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:17.0.96379

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.3

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.5

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:15.0.874.120

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.77

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.0.3

Trust: 0.3

vendor:avayamodel:one-x client enablement servicescope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:17.0.96365

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.4

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:15.0.874.121

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:16.0.912.77

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:13.0.782.112

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:13.0.782.215

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:14.0.835.202

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.57

Trust: 0.3

vendor:avayamodel:conferencing standard editionscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:18.0.1025.168

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.4

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:6.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.5

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.5

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:16.0.91275

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.2

Trust: 0.3

vendor:googlemodel:chromescope:neversion:19

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:avayamodel:conferencing standard editionscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura communication manager sp2scope:eqversion:5.2.1

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:13.0.782.107

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:14

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.2

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.7

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.68

Trust: 0.3

vendor:applemodel:ios for developerscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:18.0.1025.151

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:14.0.835.186

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:ip office server editionscope:eqversion:8.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:16.0.912.63

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.1

Trust: 0.3

vendor:applemodel:tvscope:neversion:6.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c5.11scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp3scope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.8.3

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1.1

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.9.3

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:13

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.204

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.128

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:64

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.65

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:12.0.742.112

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura application server sip core pb26scope:eqversion:53002.0

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:16

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura presence services sp2scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura presence services sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp4 ltssscope:eqversion:10

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:12

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:neversion:7

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:itunesscope:neversion:11.1.4

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:15.0.874102

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.133

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.2

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:srwaremodel:ironscope:eqversion:15.0.900.1

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:17.0.963.46

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.5

Trust: 0.3

vendor:srwaremodel:ironscope:eqversion:18.0.1050.0

Trust: 0.3

vendor:avayamodel:conferencing standard edition sp1scope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:17.0.963.83

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.0.80

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:5.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.43

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.2

Trust: 0.3

vendor:applemodel:safariscope:neversion:6.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:applemodel:itunesscope:neversion:11.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53003.0

Trust: 0.3

vendor:avayamodel:aura application server sip core pb25scope:eqversion:53002.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:18.0.1025.142

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:aura conferencingscope:eqversion:7.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.696.71

Trust: 0.3

vendor:applemodel:itunesscope:neversion:10.7

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura system platform sp1scope:eqversion:6.2

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux optional productivity application serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:ip office server editionscope:eqversion:8.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:12.0.742.91

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:17.0.963.78

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:17.0.963.56

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.3

Trust: 0.3

vendor:srwaremodel:ironscope:neversion:19.0.1100.0

Trust: 0.3

vendor:avayamodel:aura application server sip core pb16scope:eqversion:53002.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:applemodel:iosscope:neversion:6

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11.0.672.2

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:14.0.835.163

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.5

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:11

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:srwaremodel:ironscope:eqversion:15

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:10.0.648.205

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.1

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.0

Trust: 0.3

sources: BID: 53540 // CNNVD: CNNVD-201205-257 // NVD: CVE-2011-3102

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3102
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201205-257
value: MEDIUM

Trust: 0.6

VULHUB: VHN-51047
value: MEDIUM

Trust: 0.1

VULMON: CVE-2011-3102
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-3102
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-51047
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-51047 // VULMON: CVE-2011-3102 // CNNVD: CNNVD-201205-257 // NVD: CVE-2011-3102

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.1

sources: VULHUB: VHN-51047 // NVD: CVE-2011-3102

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 121130 // PACKETSTORM: 114014 // CNNVD: CNNVD-201205-257

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201205-257

PATCH

title:Red Hat: Moderate: libxml2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121288 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: libxml2 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1447-1

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2011-3102url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=95f6eb00690ae8404917a41a2d6e121e

Trust: 0.1

title:Debian Security Advisories: DSA-2479-1 libxml2 -- off-by-oneurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=316dc5145bb3d45f6fb1f8c911c8a33f

Trust: 0.1

title:Amazon Linux AMI: ALAS-2012-134url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-134

Trust: 0.1

title:VMware Security Advisories: VMware vSphere security updates for the authentication service and third party librariesurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=4b5e3f2420b6e62eeeabf7f83f5bb496

Trust: 0.1

sources: VULMON: CVE-2011-3102

EXTERNAL IDS

db:NVDid:CVE-2011-3102

Trust: 2.9

db:BIDid:53540

Trust: 1.5

db:SECUNIAid:49243

Trust: 1.2

db:SECUNIAid:54886

Trust: 1.2

db:SECUNIAid:50658

Trust: 1.2

db:SECUNIAid:55568

Trust: 1.2

db:SECTRACKid:1027067

Trust: 1.1

db:CNNVDid:CNNVD-201205-257

Trust: 0.7

db:NSFOCUSid:19635

Trust: 0.6

db:PACKETSTORMid:112910

Trust: 0.2

db:PACKETSTORMid:112989

Trust: 0.2

db:PACKETSTORMid:114014

Trust: 0.2

db:PACKETSTORMid:124932

Trust: 0.2

db:PACKETSTORMid:116647

Trust: 0.1

db:PACKETSTORMid:114580

Trust: 0.1

db:VULHUBid:VHN-51047

Trust: 0.1

db:VULMONid:CVE-2011-3102

Trust: 0.1

db:PACKETSTORMid:121130

Trust: 0.1

db:PACKETSTORMid:119960

Trust: 0.1

db:PACKETSTORMid:123307

Trust: 0.1

db:PACKETSTORMid:123339

Trust: 0.1

sources: VULHUB: VHN-51047 // VULMON: CVE-2011-3102 // BID: 53540 // PACKETSTORM: 112989 // PACKETSTORM: 124932 // PACKETSTORM: 121130 // PACKETSTORM: 119960 // PACKETSTORM: 112910 // PACKETSTORM: 114014 // PACKETSTORM: 123307 // PACKETSTORM: 123339 // CNNVD: CNNVD-201205-257 // NVD: CVE-2011-3102

REFERENCES

url:http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html

Trust: 2.1

url:http://code.google.com/p/chromium/issues/detail?id=125462

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html

Trust: 1.5

url:http://support.apple.com/kb/ht6001

Trust: 1.5

url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf

Trust: 1.5

url:http://rhn.redhat.com/errata/rhsa-2013-0217.html

Trust: 1.3

url:http://lists.apple.com/archives/security-announce/2013/oct/msg00009.html

Trust: 1.2

url:http://www.securityfocus.com/bid/53540

Trust: 1.2

url:http://support.apple.com/kb/ht5934

Trust: 1.2

url:http://www.debian.org/security/2012/dsa-2479

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:098

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2013:056

Trust: 1.2

url:http://www.securitytracker.com/id?1027067

Trust: 1.2

url:http://secunia.com/advisories/49243

Trust: 1.2

url:http://secunia.com/advisories/50658

Trust: 1.2

url:http://secunia.com/advisories/54886

Trust: 1.2

url:http://secunia.com/advisories/55568

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html

Trust: 1.2

url:https://lists.opensuse.org/opensuse-updates/2012-06/msg00011.html

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/75607

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-3102

Trust: 0.8

url:http://www.nsfocus.net/vulndb/19635

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5134

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-0841

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2012-2807

Trust: 0.4

url:https://blogs.oracle.com/sunsecurity/entry/cve_2011_3102_numeric_errors

Trust: 0.3

url:http://support.apple.com/kb/ht5935

Trust: 0.3

url:http://www.google.com/chrome

Trust: 0.3

url:http://www.srware.net/forum/viewtopic.php?f=18&t=3729

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/1683f-4d960e4b16bb2/cert_xrx13-004_v1.01.pdf

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2012/sep/msg00001.html

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100167711

Trust: 0.3

url:http://www.vmware.com/security/advisories/vmsa-2013-0001.html

Trust: 0.3

url:http://support.apple.com/kb/ht1222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2825

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2871

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2870

Trust: 0.3

url:http://gpgtools.org

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3102

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0997

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0996

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0879

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1000

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1001

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0992

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0995

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1003

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1005

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2391

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1002

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0993

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1004

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0991

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0999

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0994

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1007

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0998

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1006

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/189.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:1288

Trust: 0.1

url:https://usn.ubuntu.com/1447-1/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=26947

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1039

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1045

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1024

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5125

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1043

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1041

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1038

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5126

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1044

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1046

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1047

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5127

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-5128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1037

Trust: 0.1

url:http://www.apple.com/itunes/download/

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=912400

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0338

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0338

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2807

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5134

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-2834.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-5134.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2834

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2010-4494.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3919

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3905

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4008

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1944

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3102.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1944.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3919.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4494

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-2821.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3905.html

Trust: 0.1

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0216

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2821

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0841.html

Trust: 0.1

url:http://bugzilla.redhat.com/):

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0216.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2010-4008.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-4ubuntu0.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.6.31.dfsg-2ubuntu1.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-2ubuntu0.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.5

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1447-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.1

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0957

Trust: 0.1

url:https://www.traud.de

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1008

Trust: 0.1

sources: VULHUB: VHN-51047 // VULMON: CVE-2011-3102 // BID: 53540 // PACKETSTORM: 112989 // PACKETSTORM: 124932 // PACKETSTORM: 121130 // PACKETSTORM: 119960 // PACKETSTORM: 112910 // PACKETSTORM: 114014 // PACKETSTORM: 123307 // PACKETSTORM: 123339 // CNNVD: CNNVD-201205-257 // NVD: CVE-2011-3102

CREDITS

Aki Helin of OUSPG, Brett Wilson and Charlie Reis of the Chromium development community, &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;ldquo;psaldorn&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp

Trust: 0.3

sources: BID: 53540

SOURCES

db:VULHUBid:VHN-51047
db:VULMONid:CVE-2011-3102
db:BIDid:53540
db:PACKETSTORMid:112989
db:PACKETSTORMid:124932
db:PACKETSTORMid:121130
db:PACKETSTORMid:119960
db:PACKETSTORMid:112910
db:PACKETSTORMid:114014
db:PACKETSTORMid:123307
db:PACKETSTORMid:123339
db:CNNVDid:CNNVD-201205-257
db:NVDid:CVE-2011-3102

LAST UPDATE DATE

2024-11-24T19:41:05.947000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-51047date:2017-12-29T00:00:00
db:VULMONid:CVE-2011-3102date:2017-12-29T00:00:00
db:BIDid:53540date:2015-04-13T22:06:00
db:CNNVDid:CNNVD-201205-257date:2012-05-16T00:00:00
db:NVDid:CVE-2011-3102date:2024-11-21T01:29:44.210

SOURCES RELEASE DATE

db:VULHUBid:VHN-51047date:2012-05-16T00:00:00
db:VULMONid:CVE-2011-3102date:2012-05-16T00:00:00
db:BIDid:53540date:2012-05-15T00:00:00
db:PACKETSTORMid:112989date:2012-05-24T02:22:30
db:PACKETSTORMid:124932date:2014-01-24T01:33:33
db:PACKETSTORMid:121130date:2013-04-08T20:28:39
db:PACKETSTORMid:119960date:2013-02-01T03:30:19
db:PACKETSTORMid:112910date:2012-05-22T00:25:14
db:PACKETSTORMid:114014date:2012-06-21T15:34:44
db:PACKETSTORMid:123307date:2013-09-19T01:58:16
db:PACKETSTORMid:123339date:2013-09-20T20:54:13
db:CNNVDid:CNNVD-201205-257date:2012-05-16T00:00:00
db:NVDid:CVE-2011-3102date:2012-05-16T00:55:03.683