ID

VAR-201512-0531


CVE

CVE-2015-5312


TITLE

libxml2 of parser.c of xmlStringLenDecodeEntities Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-006431

DESCRIPTION

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. libxml2 is prone to a denial-of-service vulnerability. Successful exploits may allow an attacker to cause an affected application to consume excessive amounts of CPU, resulting in a denial-of-service condition. libxml2 2.9.2 is vulnerable; other versions may also be affected. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. The vulnerability is caused by the program not properly restricting entity expansion. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.". To check the current version of software, select "Settings -> General -> About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-2 watchOS 2.2 watchOS 2.2 is now available and addresses the following: Disk Images Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659 IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762 libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor Messages Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab syslog Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs TrueTypeScaler Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) WebKit Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1723 : Apple CVE-2016-1724 : Apple CVE-2016-1725 : Apple CVE-2016-1726 : Apple CVE-2016-1727 : Apple Wi-Fi Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. For the oldstable distribution (wheezy), these problems have been fixed in version 2.8.0+dfsg1-7+wheezy5. For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions. For the unstable distribution (sid), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2015:2550-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2550.html Issue date: 2015-12-07 CVE Names: CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 ===================================================================== 1. Summary: Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955) Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317. The CVE-2015-1819 issue was discovered by Florian Weimer of Red Hat Product Security. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1211278 - CVE-2015-1819 libxml2: denial of service processing a crafted XML document 1213957 - libxml2: out-of-bounds memory access when parsing an unclosed HTML comment 1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access 1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() 1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input 1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey 1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl 1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW 1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration 1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar 1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc 1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode 1281955 - libxml2: Multiple out-of-bounds reads in xmlDictComputeFastKey.isra.2 and xmlDictAddString.isra.O 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm aarch64: libxml2-2.9.1-6.el7_2.2.aarch64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm libxml2-devel-2.9.1-6.el7_2.2.aarch64.rpm libxml2-python-2.9.1-6.el7_2.2.aarch64.rpm ppc64: libxml2-2.9.1-6.el7_2.2.ppc.rpm libxml2-2.9.1-6.el7_2.2.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc64.rpm libxml2-python-2.9.1-6.el7_2.2.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.2.ppc64le.rpm s390x: libxml2-2.9.1-6.el7_2.2.s390.rpm libxml2-2.9.1-6.el7_2.2.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm libxml2-devel-2.9.1-6.el7_2.2.s390.rpm libxml2-devel-2.9.1-6.el7_2.2.s390x.rpm libxml2-python-2.9.1-6.el7_2.2.s390x.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: libxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm libxml2-static-2.9.1-6.el7_2.2.aarch64.rpm ppc64: libxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm libxml2-static-2.9.1-6.el7_2.2.ppc.rpm libxml2-static-2.9.1-6.el7_2.2.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.2.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm libxml2-static-2.9.1-6.el7_2.2.s390.rpm libxml2-static-2.9.1-6.el7_2.2.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libxml2-2.9.1-6.el7_2.2.src.rpm x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-1819 https://access.redhat.com/security/cve/CVE-2015-5312 https://access.redhat.com/security/cve/CVE-2015-7497 https://access.redhat.com/security/cve/CVE-2015-7498 https://access.redhat.com/security/cve/CVE-2015-7499 https://access.redhat.com/security/cve/CVE-2015-7500 https://access.redhat.com/security/cve/CVE-2015-7941 https://access.redhat.com/security/cve/CVE-2015-7942 https://access.redhat.com/security/cve/CVE-2015-8241 https://access.redhat.com/security/cve/CVE-2015-8242 https://access.redhat.com/security/cve/CVE-2015-8317 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWZZK6XlSAg2UNWIIRAlx5AKCfIxP9TLM+V/vmQq6MVeUpjiGltgCgnOgZ IOmptwborGrgz5fLqra3STg= =bVgd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. ============================================================================ Ubuntu Security Notice USN-2834-1 December 14, 2015 libxml2 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: libxml2 could be made to crash if it opened a specially crafted file. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499,CVE-2015-7500) Hugh Davenport discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2015-8241, CVE-2015-8242) Hanno Boeck discovered that libxml2 incorrectly handled certain malformed documents. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-8317) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.2 Ubuntu 15.04: libxml2 2.9.2+dfsg1-3ubuntu0.2 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.6 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.13 After a standard system update you need to reboot your computer to make all the necessary changes

Trust: 2.61

sources: NVD: CVE-2015-5312 // JVNDB: JVNDB-2015-006431 // BID: 79536 // VULHUB: VHN-83273 // VULMON: CVE-2015-5312 // PACKETSTORM: 136344 // PACKETSTORM: 136343 // PACKETSTORM: 135045 // PACKETSTORM: 134655 // PACKETSTORM: 134651 // PACKETSTORM: 134787

AFFECTED PRODUCTS

vendor:hpmodel:icewall federation agentscope:eqversion:3.0

Trust: 1.9

vendor:hpmodel:icewall file managerscope:eqversion:3.0

Trust: 1.9

vendor:applemodel:watchosscope:lteversion:2.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.11.3

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.10

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:9.1

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:lteversion:2.9.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:9.2.1

Trust: 1.0

vendor:canonicalmodel:ubuntuscope:eqversion:12.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:14.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:15.04

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:15.10

Trust: 0.8

vendor:xmlsoftmodel:libxml2scope:ltversion:2.9.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11 to 10.11.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:9.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch hermes)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.2 (apple watch)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:(v. 6)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:(v. 7)

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:(v. 6)

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:(v. 7)

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:(v. 6)

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:(v. 7)

Trust: 0.8

vendor:red hatmodel:enterprise linux server eusscope:eqversion:(v. 6.7.z)

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:(v. 6)

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:(v. 7)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:informix generoscope:eqversion:2.32

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.09

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.211

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:ibmmodel:connections docs ifixscope:neversion:1.0.5002

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.08

Trust: 0.3

vendor:ibmmodel:informix generoscope:eqversion:2.41

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.4

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.214

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:neversion:2.9.3

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.5.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.19

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.0.410

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.08

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.24

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.3

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.7

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.213

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:64

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.219

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:ibmmodel:powerkvm sp3scope:eqversion:2.1.1

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.165.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.113

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.2.0.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.11

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:neversion:2.1.165.6

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:ibmmodel:rational systems tester interim fixscope:neversion:3.3.0.7

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.010

Trust: 0.3

vendor:ibmmodel:informix generoscope:eqversion:2.40

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.22

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.110

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.413

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.165.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:connections docs ifixscope:neversion:1.0.7006

Trust: 0.3

vendor:ibmmodel:bigfix security compliance analyticsscope:neversion:1.8

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.110

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:15.10

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.21

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.6

Trust: 0.3

vendor:ibmmodel:informix generoscope:eqversion:2.50

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.157

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:ibmmodel:rational systems tester interim fixscope:eqversion:3.3.0.7

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:3.12

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016-0020

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.165.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:7.2.0.6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.32

Trust: 0.3

vendor:ibmmodel:bigfix security compliance analyticsscope:eqversion:1.7

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.3

Trust: 0.3

vendor:ibmmodel:security guardiumscope:eqversion:10.0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.3

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.9.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:watchosscope:neversion:2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.415

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.415

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:8.4.1

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:solaris sruscope:neversion:11.35.6

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:12.04

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.412

Trust: 0.3

vendor:ibmmodel:sametime media serverscope:neversion:9.0.1

Trust: 0.3

vendor:ibmmodel:informix generoscope:eqversion:2.30

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.0

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.2.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:tvosscope:neversion:9.2

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.1

Trust: 0.3

vendor:ibmmodel:sametime media serverscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:ios for developerscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.4.0.4

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux server eus 6.7.zscope: - version: -

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.3.0

Trust: 0.3

vendor:ibmmodel:cognos business intelligencescope:eqversion:10.2

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:neversion:3.13

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.21

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.09

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:ibmmodel:connections docsscope:eqversion:1.0.4

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.31

Trust: 0.3

vendor:ibmmodel:connections docs ifixscope:neversion:1.0.6003

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.218

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.42

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:7

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:ibmmodel:connections docs ifixscope:neversion:2.0002

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:rational systems testerscope:eqversion:3.3.0.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.3.0.4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.0.411

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:15.04

Trust: 0.3

vendor:ibmmodel:powerkvm buildscope:eqversion:2.1.158

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.4.01

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

sources: BID: 79536 // JVNDB: JVNDB-2015-006431 // CNNVD: CNNVD-201512-443 // NVD: CVE-2015-5312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5312
value: HIGH

Trust: 1.0

NVD: CVE-2015-5312
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-443
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83273
value: HIGH

Trust: 0.1

VULMON: CVE-2015-5312
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5312
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83273
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83273 // VULMON: CVE-2015-5312 // JVNDB: JVNDB-2015-006431 // CNNVD: CNNVD-201512-443 // NVD: CVE-2015-5312

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-83273 // JVNDB: JVNDB-2015-006431 // NVD: CVE-2015-5312

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 135045 // PACKETSTORM: 134655 // PACKETSTORM: 134651 // CNNVD: CNNVD-201512-443

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201512-443

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006431

PATCH

title:APPLE-SA-2016-03-21-1 iOS 9.3url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

Trust: 0.8

title:APPLE-SA-2016-03-21-2 watchOS 2.2url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

Trust: 0.8

title:APPLE-SA-2016-03-21-3 tvOS 9.2url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

Trust: 0.8

title:APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Trust: 0.8

title:HT206169url:https://support.apple.com/en-us/HT206169

Trust: 0.8

title:HT206166url:https://support.apple.com/en-us/HT206166

Trust: 0.8

title:HT206167url:https://support.apple.com/en-us/HT206167

Trust: 0.8

title:HT206168url:https://support.apple.com/en-us/HT206168

Trust: 0.8

title:HT206166url:https://support.apple.com/ja-jp/HT206166

Trust: 0.8

title:HT206167url:https://support.apple.com/ja-jp/HT206167

Trust: 0.8

title:HT206168url:https://support.apple.com/ja-jp/HT206168

Trust: 0.8

title:HT206169url:https://support.apple.com/ja-jp/HT206169

Trust: 0.8

title:CVE-2015-5312 Another entity expansion issueurl:https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e

Trust: 0.8

title:Bug 1276693url:https://bugzilla.redhat.com/show_bug.cgi?id=1276693

Trust: 0.8

title:RHSA-2015:2549url:https://rhn.redhat.com/errata/RHSA-2015-2549.html

Trust: 0.8

title:RHSA-2015:2550url:https://rhn.redhat.com/errata/RHSA-2015-2550.html

Trust: 0.8

title:TLSA-2016-3url:http://www.turbolinux.co.jp/security/2016/TLSA-2016-3j.html

Trust: 0.8

title:USN-2834-1url:http://www.ubuntu.com/usn/USN-2834-1/

Trust: 0.8

title:v2.9.3: Nov 20 2015url:http://xmlsoft.org/news.html

Trust: 0.8

title:libxml2'xmlStringLenDecodeEntities' Fixes for function resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=59232

Trust: 0.6

title:Red Hat: Moderate: libxml2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152549 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: libxml2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152550 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2015-5312url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-5312

Trust: 0.1

title:Ubuntu Security Notice: libxml2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2834-1

Trust: 0.1

title:Apple: tvOS 9.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ce338ecd7a3c82e55bcf20e44e532eea

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2015-8035: DoS with XZ compression support loopurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a019ec3e62995ba6fccfa99991a69e8e

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2015-8241: Buffer overread with XML parser in xmlNextCharurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=922e5d3f7941ba5ce004a1df5d62804d

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2015-7942: heap-buffer-overflow in xmlParseConditionalSectionsurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b43558695a2829b2e8d380a917f49836

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2015-1819: denial of service processing a crafted XML documenturl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=d4df89c444b497f8334824cafc13f268

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: out-of-bounds readurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7cf75e4a67dc759cf112b117265731c9

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory accessurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2e6915a419592c0eb35235af4b02c926

Trust: 0.1

title:Apple: watchOS 2.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0cbe3084baf2e465ecd2cc68ad686a9a

Trust: 0.1

title:Debian Security Advisories: DSA-3430-1 libxml2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b5464377ed0e849a889195e29c21e27c

Trust: 0.1

title:Apple: iOS 9.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=3ae8bd7fcbbf51e9c7fe356687ecd0cf

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-628url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-628

Trust: 0.1

title:Apple: OS X El Capitan v10.11.4 and Security Update 2016-002url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ef054ba76412200e34091eb91c38c281

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1220url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1220

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8

Trust: 0.1

sources: VULMON: CVE-2015-5312 // JVNDB: JVNDB-2015-006431 // CNNVD: CNNVD-201512-443

EXTERNAL IDS

db:NVDid:CVE-2015-5312

Trust: 3.5

db:BIDid:79536

Trust: 2.1

db:SECTRACKid:1034243

Trust: 1.8

db:JVNid:JVNVU97668313

Trust: 0.8

db:JVNDBid:JVNDB-2015-006431

Trust: 0.8

db:CNNVDid:CNNVD-201512-443

Trust: 0.7

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:PACKETSTORMid:134787

Trust: 0.2

db:PACKETSTORMid:134651

Trust: 0.2

db:PACKETSTORMid:135395

Trust: 0.1

db:VULHUBid:VHN-83273

Trust: 0.1

db:VULMONid:CVE-2015-5312

Trust: 0.1

db:PACKETSTORMid:136344

Trust: 0.1

db:PACKETSTORMid:136343

Trust: 0.1

db:PACKETSTORMid:135045

Trust: 0.1

db:PACKETSTORMid:134655

Trust: 0.1

sources: VULHUB: VHN-83273 // VULMON: CVE-2015-5312 // BID: 79536 // JVNDB: JVNDB-2015-006431 // PACKETSTORM: 136344 // PACKETSTORM: 136343 // PACKETSTORM: 135045 // PACKETSTORM: 134655 // PACKETSTORM: 134651 // PACKETSTORM: 134787 // CNNVD: CNNVD-201512-443 // NVD: CVE-2015-5312

REFERENCES

url:http://rhn.redhat.com/errata/rhsa-2015-2549.html

Trust: 2.2

url:http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Trust: 2.1

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Trust: 2.1

url:http://xmlsoft.org/news.html

Trust: 2.1

url:https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e

Trust: 2.1

url:http://rhn.redhat.com/errata/rhsa-2015-2550.html

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-2834-1

Trust: 1.9

url:http://www.securitytracker.com/id/1034243

Trust: 1.8

url:http://www.securityfocus.com/bid/79536

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html

Trust: 1.8

url:http://www.debian.org/security/2015/dsa-3430

Trust: 1.8

url:https://security.gentoo.org/glsa/201701-37

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2016-1089.html

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1276693

Trust: 1.8

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944172

Trust: 1.8

url:https://support.apple.com/ht206166

Trust: 1.8

url:https://support.apple.com/ht206167

Trust: 1.8

url:https://support.apple.com/ht206168

Trust: 1.8

url:https://support.apple.com/ht206169

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

Trust: 1.8

url:http://marc.info/?l=bugtraq&m=145382616617563&w=2

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5312

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97668313/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5312

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7499

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-5312

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7500

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-8242

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-7942

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-1819

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7497

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-8241

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-8317

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7498

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2015-5312

Trust: 0.3

url:http://www.pcre.org/

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944172

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023350

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023873

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023983

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21981747

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21972720

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?rs=630&uid=swg21973201

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21975225

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21975975

Trust: 0.3

url:swg21979513

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21979767

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21982607

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21985337

Trust: 0.3

url:http://www.ubuntu.com/usn/usn-2834-1/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8035

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7941

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1751

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-8659

Trust: 0.2

url:https://gpgtools.org

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1753

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1750

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-0801

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1740

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1752

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1754

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-0802

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1748

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7941

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8241

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7942

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7500

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7499

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7497

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8242

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8317

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7498

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:http://marc.info/?l=bugtraq&amp;m=145382616617563&amp;w=2

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/399.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=42279

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2834-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1755

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1784

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1783

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7995

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1725

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1726

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1724

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1719

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-1819

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.2+dfsg1-3ubuntu0.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.2

Trust: 0.1

sources: VULHUB: VHN-83273 // VULMON: CVE-2015-5312 // BID: 79536 // JVNDB: JVNDB-2015-006431 // PACKETSTORM: 136344 // PACKETSTORM: 136343 // PACKETSTORM: 135045 // PACKETSTORM: 134655 // PACKETSTORM: 134651 // PACKETSTORM: 134787 // CNNVD: CNNVD-201512-443 // NVD: CVE-2015-5312

CREDITS

Kostya Serebryany of Google.

Trust: 0.3

sources: BID: 79536

SOURCES

db:VULHUBid:VHN-83273
db:VULMONid:CVE-2015-5312
db:BIDid:79536
db:JVNDBid:JVNDB-2015-006431
db:PACKETSTORMid:136344
db:PACKETSTORMid:136343
db:PACKETSTORMid:135045
db:PACKETSTORMid:134655
db:PACKETSTORMid:134651
db:PACKETSTORMid:134787
db:CNNVDid:CNNVD-201512-443
db:NVDid:CVE-2015-5312

LAST UPDATE DATE

2025-04-01T20:38:44.962000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-83273date:2019-03-08T00:00:00
db:VULMONid:CVE-2015-5312date:2019-03-08T00:00:00
db:BIDid:79536date:2016-07-22T17:00:00
db:JVNDBid:JVNDB-2015-006431date:2016-03-29T00:00:00
db:CNNVDid:CNNVD-201512-443date:2023-06-30T00:00:00
db:NVDid:CVE-2015-5312date:2024-11-21T02:32:46.387

SOURCES RELEASE DATE

db:VULHUBid:VHN-83273date:2015-12-15T00:00:00
db:VULMONid:CVE-2015-5312date:2015-12-15T00:00:00
db:BIDid:79536date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006431date:2015-12-18T00:00:00
db:PACKETSTORMid:136344date:2016-03-22T15:12:44
db:PACKETSTORMid:136343date:2016-03-22T15:09:54
db:PACKETSTORMid:135045date:2015-12-24T17:31:30
db:PACKETSTORMid:134655date:2015-12-07T16:37:21
db:PACKETSTORMid:134651date:2015-12-07T16:36:51
db:PACKETSTORMid:134787date:2015-12-14T16:40:43
db:CNNVDid:CNNVD-201512-443date:2015-12-16T00:00:00
db:NVDid:CVE-2015-5312date:2015-12-15T21:59:00.113