ID

VAR-201605-0494


CVE

CVE-2016-1836


TITLE

Apple iOS , watchOS , OS X El Capitan with tvOS libxml2 Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201605-482

DESCRIPTION

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.2, watchOS 2.2.1, Mac OS X 10.11.5, and tvOS 9.2.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. This was addressed by enabling HTTPS for shared links. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxml2: Multiple vulnerabilities Date: January 16, 2017 Bugs: #564776, #566374, #572878, #573820, #577998, #582538, #582540, #583888, #589816, #597112, #597114, #597116 ID: 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code. Background ========== libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1" References ========== [ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 [ 2 ] CVE-2015-5312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312 [ 3 ] CVE-2015-7497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497 [ 4 ] CVE-2015-7498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498 [ 5 ] CVE-2015-7499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499 [ 6 ] CVE-2015-7500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500 [ 7 ] CVE-2015-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941 [ 8 ] CVE-2015-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942 [ 9 ] CVE-2015-8035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035 [ 10 ] CVE-2015-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242 [ 11 ] CVE-2015-8806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806 [ 12 ] CVE-2016-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836 [ 13 ] CVE-2016-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838 [ 14 ] CVE-2016-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839 [ 15 ] CVE-2016-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840 [ 16 ] CVE-2016-2073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073 [ 17 ] CVE-2016-3627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627 [ 18 ] CVE-2016-3705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705 [ 19 ] CVE-2016-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483 [ 20 ] CVE-2016-4658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658 [ 21 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-37 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <5755B7E3.5040103@canonical.com> Subject: [USN-2994-1] libxml2 vulnerabilities ============================================================================ Ubuntu Security Notice USN-2994-1 June 06, 2016 libxml2 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in libxml2. Software Description: - libxml2: GNOME XML library Details: It was discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1762, CVE-2016-1834) Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1835, CVE-2016-1837) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836) Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1840) It was discovered that libxml2 would load certain XML external entities. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. (CVE-2016-4449) Gustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-4483) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.1 Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.4 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.8 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.15 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-2 iOS 9.3.3 iOS 9.3.3 is now available and addresses the following: Calendar Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart Description: A null pointer dereference was addressed through improved memory handling. CVE-2016-4592 : Mikhail WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. CVE-2016-4587 : Apple WebKit JavaScript Bindings Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. CVE-2016-4584 : Chris Vienneau Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following: apache_mod_php Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650 Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc. CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900 OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release Advisory ID: RHSA-2016:2957-01 Product: Red Hat JBoss Core Services Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2957.html Issue date: 2016-12-15 CVE Names: CVE-2012-1148 CVE-2014-3523 CVE-2014-8176 CVE-2015-0209 CVE-2015-0286 CVE-2015-3185 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3216 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0799 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2177 CVE-2016-2178 CVE-2016-2842 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4459 CVE-2016-4483 CVE-2016-5419 CVE-2016-5420 CVE-2016-6808 CVE-2016-7141 CVE-2016-8612 ===================================================================== 1. Summary: Red Hat JBoss Core Services httpd 2.4.23 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systems. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842) * This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483) * This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141) * This update fixes two flaws in httpd. (CVE-2016-4459, CVE-2016-8612) * A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808) * A memory leak flaw was fixed in expat. (CVE-2012-1148) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. 4. Bugs fixed (https://bugzilla.redhat.com/): 801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error 5. JIRA issues fixed (https://issues.jboss.org/): JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service 6. References: https://access.redhat.com/security/cve/CVE-2012-1148 https://access.redhat.com/security/cve/CVE-2014-3523 https://access.redhat.com/security/cve/CVE-2014-8176 https://access.redhat.com/security/cve/CVE-2015-0209 https://access.redhat.com/security/cve/CVE-2015-0286 https://access.redhat.com/security/cve/CVE-2015-3185 https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/cve/CVE-2015-3216 https://access.redhat.com/security/cve/CVE-2016-0702 https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2016-0797 https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-1762 https://access.redhat.com/security/cve/CVE-2016-1833 https://access.redhat.com/security/cve/CVE-2016-1834 https://access.redhat.com/security/cve/CVE-2016-1835 https://access.redhat.com/security/cve/CVE-2016-1836 https://access.redhat.com/security/cve/CVE-2016-1837 https://access.redhat.com/security/cve/CVE-2016-1838 https://access.redhat.com/security/cve/CVE-2016-1839 https://access.redhat.com/security/cve/CVE-2016-1840 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/cve/CVE-2016-3627 https://access.redhat.com/security/cve/CVE-2016-3705 https://access.redhat.com/security/cve/CVE-2016-4447 https://access.redhat.com/security/cve/CVE-2016-4448 https://access.redhat.com/security/cve/CVE-2016-4449 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/cve/CVE-2016-4483 https://access.redhat.com/security/cve/CVE-2016-5419 https://access.redhat.com/security/cve/CVE-2016-5420 https://access.redhat.com/security/cve/CVE-2016-6808 https://access.redhat.com/security/cve/CVE-2016-7141 https://access.redhat.com/security/cve/CVE-2016-8612 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=distributions&version=2.4.23 https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYUxXtXlSAg2UNWIIRAm8yAKCDdIPhumydPcD3R7BVWXFnyHP/ZwCeJtAh OqjNSGx5/peirmVPrdVKUYE= =TZLU -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . CVE-2016-4594 : Stefan Esser of SektionEins Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About"

Trust: 2.07

sources: NVD: CVE-2016-1836 // BID: 90691 // VULHUB: VHN-90655 // VULMON: CVE-2016-1836 // PACKETSTORM: 137076 // PACKETSTORM: 140533 // PACKETSTORM: 137335 // PACKETSTORM: 137075 // PACKETSTORM: 137959 // PACKETSTORM: 137958 // PACKETSTORM: 140182 // PACKETSTORM: 137960

AFFECTED PRODUCTS

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.10

Trust: 1.6

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.6

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.5

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:9.3.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:ltversion:2.9.4

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:2.2.1

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:9.2.1

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:lteversion:7.5.2.10

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.5.0.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:lteversion:7.6.2.3

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.6

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.11.5

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.6.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.211

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:neversion:5.3.2.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.3

Trust: 0.3

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.0.410

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.24

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.219

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.2.0.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:junipermodel:junos space 15.1f2scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.22

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.36

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.10

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:junipermodel:junos space 15.1r2.11scope: - version: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2.12

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:bluecoatmodel:authconnectorscope:eqversion:2.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.2h968406scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.46

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.26

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.405

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.0.163

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.2.72

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:12.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.42

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:junipermodel:junos space 15.2r1scope: - version: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.1.10

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:2.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.08

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.08

Trust: 0.3

vendor:bluecoatmodel:security analytics platformscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.213

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.22

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.2

Trust: 0.3

vendor:bluecoatmodel:industrial control system protectionscope:eqversion:5.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.404

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.413

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.401

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.1

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1165239scope: - version: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1.42

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.32

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.5.2.11

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.3

Trust: 0.3

vendor:bluecoatmodel:norman network protectionscope:eqversion:5.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.412

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:watchosscope:neversion:2.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:junipermodel:junos space 15.2r2scope: - version: -

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.21

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.3.0.35

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:2.3.0.33

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.31

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.218

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.3.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:neversion:5.3.1.10

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.0.411

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3.2

Trust: 0.3

vendor:junipermodel:junos space 14.1r1.9scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.214

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.19

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.403

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.113

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:esignalmodel:esignalscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.11

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.110

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 0.3

vendor:junipermodel:junos space 16.1r1scope:neversion: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.110

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.5

Trust: 0.3

vendor:ibmmodel:mq appliance m2001scope: - version: -

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.21

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:bluecoatmodel:security analytics platformscope:eqversion:6.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.6

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:mq appliance m2000scope: - version: -

Trust: 0.3

vendor:oraclemodel:solaris sru11.6scope:neversion:11.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.4

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:12.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.415

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.4.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.09

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:ibmmodel:security identity governance and intelligencescope:eqversion:5.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.12

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.4.01

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.0.80

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.09

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016-0030

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.3.0.34

Trust: 0.3

vendor:junipermodel:junos space 14.1r1scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.010

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.2

Trust: 0.3

vendor:applemodel:itunesscope:neversion:12.4.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.4.0.55

Trust: 0.3

vendor:bluecoatmodel:directorscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3

Trust: 0.3

vendor:applemodel:tvosscope:neversion:9.2.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.6.2.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.9

Trust: 0.3

vendor:applemodel:watchosscope:neversion:2.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:bluecoatmodel:industrial control systems network scannerscope:eqversion:5.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:2.4.0.55

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.400

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:1.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.415

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.3

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.9

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:neversion:7.6.406-3402.103

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1157986scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.3.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:bluecoatmodel:security analytics platformscope:eqversion:7.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.402

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

sources: BID: 90691 // CNNVD: CNNVD-201605-482 // NVD: CVE-2016-1836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1836
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201605-482
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90655
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-1836
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1836
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-90655
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1836
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90655 // VULMON: CVE-2016-1836 // CNNVD: CNNVD-201605-482 // NVD: CVE-2016-1836

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-90655 // NVD: CVE-2016-1836

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201605-482

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201605-482

PATCH

title:Apple iOS , watchOS , OS X El Capitan and tvOS libxml2 Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=61796

Trust: 0.6

title:Apple: iTunes 12.4.2 for Windowsurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=339c5983ed5d4c0416124ae9d69fd04c

Trust: 0.1

title:Apple: iCloud for Windows 5.2.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=51a96564f5e244335eb2e803eca179c4

Trust: 0.1

title:Apple: watchOS 2.2.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ee2628a4bdc6cee776cdd4b03ea8fc3f

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162957 - Security Advisory

Trust: 0.1

title:Apple: watchOS 2.2.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=fc1eeaa401404fa32e6565c94a51a370

Trust: 0.1

title:Apple: tvOS 9.2.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9cb2b3a54d5cecfa5af6c947e8d6031c

Trust: 0.1

title:Ubuntu Security Notice: libxml2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2994-1

Trust: 0.1

title:Apple: tvOS 9.2.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=22a8333fe6ca4f25dfb12984728f42d0

Trust: 0.1

title:Apple: iOS 9.3.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d85657e8623d63e2afdb2287247cdad6

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-2073: out-of-bounds read in htmlParseNameComplex()url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e21c0505f8306f0416606e1a2ec5e18e

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-3705: stack overflow before detecting invalid XML fileurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ed475d816a8279c18b15a9aac8146ada

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: Heap-buffer overread in libxml2/dict.curl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1b5e8a6bfa7b3b48920376b728b6bbe2

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-3627: stack exhaustion in libxml2 parsing xml files in recover modeurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7ad6e7048d3904deff82dbbe81adf528

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-4483url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=17d0780fd9f0deb51d01d88ca9e90fe3

Trust: 0.1

title:Amazon Linux AMI: ALAS-2016-719url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-719

Trust: 0.1

title:Apple: OS X El Capitan v10.11.6 and Security Update 2016-004url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0d15a2e676b3d7c13f2468e8bb26534c

Trust: 0.1

title:Apple: iOS 9.3.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d61ee6bed9ca45acb3a9ebce2f29da36

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707

Trust: 0.1

title:Apple: OS X El Capitan v10.11.5 and Security Update 2016-003url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=3c550201b398ce302f3a9adf27215fda

Trust: 0.1

title:Symantec Security Advisories: SA129 : Multiple libxml2 Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=4306b2beef409e7d3306d20a4621babf

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0bd8c924b56aac98dda0f5b45f425f38

Trust: 0.1

title:Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-18

Trust: 0.1

sources: VULMON: CVE-2016-1836 // CNNVD: CNNVD-201605-482

EXTERNAL IDS

db:NVDid:CVE-2016-1836

Trust: 2.9

db:MCAFEEid:SB10170

Trust: 2.1

db:BIDid:90691

Trust: 2.1

db:SECTRACKid:1035890

Trust: 1.8

db:TENABLEid:TNS-2016-18

Trust: 1.8

db:CNNVDid:CNNVD-201605-482

Trust: 0.7

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2020.2340

Trust: 0.6

db:JUNIPERid:JSA10770

Trust: 0.3

db:VULHUBid:VHN-90655

Trust: 0.1

db:VULMONid:CVE-2016-1836

Trust: 0.1

db:PACKETSTORMid:137076

Trust: 0.1

db:PACKETSTORMid:140533

Trust: 0.1

db:PACKETSTORMid:137335

Trust: 0.1

db:PACKETSTORMid:137075

Trust: 0.1

db:PACKETSTORMid:137959

Trust: 0.1

db:PACKETSTORMid:137958

Trust: 0.1

db:PACKETSTORMid:140182

Trust: 0.1

db:PACKETSTORMid:137960

Trust: 0.1

sources: VULHUB: VHN-90655 // VULMON: CVE-2016-1836 // BID: 90691 // PACKETSTORM: 137076 // PACKETSTORM: 140533 // PACKETSTORM: 137335 // PACKETSTORM: 137075 // PACKETSTORM: 137959 // PACKETSTORM: 137958 // PACKETSTORM: 140182 // PACKETSTORM: 137960 // CNNVD: CNNVD-201605-482 // NVD: CVE-2016-1836

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Trust: 2.1

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Trust: 2.1

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 2.1

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10170

Trust: 2.0

url:https://security.gentoo.org/glsa/201701-37

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2016-2957.html

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-2994-1

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2016/may/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/may/msg00002.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/may/msg00003.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/may/msg00004.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html

Trust: 1.8

url:http://www.securityfocus.com/bid/90691

Trust: 1.8

url:http://xmlsoft.org/news.html

Trust: 1.8

url:https://bugzilla.gnome.org/show_bug.cgi?id=759398

Trust: 1.8

url:https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0

Trust: 1.8

url:https://support.apple.com/ht206564

Trust: 1.8

url:https://support.apple.com/ht206566

Trust: 1.8

url:https://support.apple.com/ht206567

Trust: 1.8

url:https://support.apple.com/ht206568

Trust: 1.8

url:https://support.apple.com/ht206899

Trust: 1.8

url:https://support.apple.com/ht206901

Trust: 1.8

url:https://support.apple.com/ht206902

Trust: 1.8

url:https://support.apple.com/ht206903

Trust: 1.8

url:https://support.apple.com/ht206904

Trust: 1.8

url:https://support.apple.com/ht206905

Trust: 1.8

url:https://www.tenable.com/security/tns-2016-18

Trust: 1.8

url:https://www.debian.org/security/2016/dsa-3593

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2016:1292

Trust: 1.8

url:http://www.securitytracker.com/id/1035890

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1836

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2340/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://support.apple.com/kb/ht201222

Trust: 0.5

url:https://gpgtools.org

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1839

Trust: 0.5

url:https://www.apple.com/support/security/pgp/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1838

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1840

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-4483

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1837

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-1833

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-1834

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-4449

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-4447

Trust: 0.4

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/accessibility/tvos/

Trust: 0.3

url:http://www.apple.com/watchos-2/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10770&actp=rss

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024088

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024194

Trust: 0.3

url:https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf

Trust: 0.3

url:https://bto.bluecoat.com/security-advisory/sa129

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21986974

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21989043

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21990750

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1835

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1865

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1863

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4582

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1864

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4607

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4448

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1684

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4594

Trust: 0.3

url:https://www.apple.com/itunes/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1814

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1829

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1817

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1819

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1803

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1827

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1808

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1830

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1813

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1811

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1828

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1807

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1801

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1818

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1802

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1824

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1832

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-3705

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-8806

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2073

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-3627

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1762

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-4609

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-4612

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-4610

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-4608

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2107

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2109

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2106

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2108

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2105

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10170

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht206901

Trust: 0.1

url:https://usn.ubuntu.com/2994-1/

Trust: 0.1

url:https://www.linkedin.com/in/rshupak)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1831

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1790

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8035

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1819

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7941

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7942

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5131

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.8

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.15

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1847

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4605

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4591

Trust: 0.1

url:https://www.tencent.com)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4585

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4587

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4603

Trust: 0.1

url:https://www.mbsd.jp)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4604

Trust: 0.1

url:https://www.tencent.com),

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4593

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4583

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4590

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4592

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4584

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4599

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4601

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4600

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4597

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4596

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9862

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4598

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4602

Trust: 0.1

url:https://support.apple.com/kb/ht206900

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2176

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4448

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3216

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2106

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-8176

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-6808

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-3705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2107

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1839

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2177

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4483

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3194

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1833

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=distributions&version=2.4.23

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2105

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8176

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1836

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0286

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5420

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3194

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2108

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-3627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2012-1148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1837

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2109

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1834

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3195

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5419

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4459

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0209

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0702

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3216

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4447

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-7141

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4637

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4616

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4626

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4619

Trust: 0.1

url:https://support.apple.com/en-us/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4632

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4631

Trust: 0.1

sources: VULHUB: VHN-90655 // VULMON: CVE-2016-1836 // BID: 90691 // PACKETSTORM: 137076 // PACKETSTORM: 140533 // PACKETSTORM: 137335 // PACKETSTORM: 137075 // PACKETSTORM: 137959 // PACKETSTORM: 137958 // PACKETSTORM: 140182 // PACKETSTORM: 137960 // CNNVD: CNNVD-201605-482 // NVD: CVE-2016-1836

CREDITS

Apple

Trust: 0.5

sources: PACKETSTORM: 137076 // PACKETSTORM: 137075 // PACKETSTORM: 137959 // PACKETSTORM: 137958 // PACKETSTORM: 137960

SOURCES

db:VULHUBid:VHN-90655
db:VULMONid:CVE-2016-1836
db:BIDid:90691
db:PACKETSTORMid:137076
db:PACKETSTORMid:140533
db:PACKETSTORMid:137335
db:PACKETSTORMid:137075
db:PACKETSTORMid:137959
db:PACKETSTORMid:137958
db:PACKETSTORMid:140182
db:PACKETSTORMid:137960
db:CNNVDid:CNNVD-201605-482
db:NVDid:CVE-2016-1836

LAST UPDATE DATE

2024-12-21T20:51:09.181000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-90655date:2019-03-25T00:00:00
db:VULMONid:CVE-2016-1836date:2019-03-25T00:00:00
db:BIDid:90691date:2017-12-19T22:37:00
db:CNNVDid:CNNVD-201605-482date:2023-06-30T00:00:00
db:NVDid:CVE-2016-1836date:2024-11-21T02:47:11.130

SOURCES RELEASE DATE

db:VULHUBid:VHN-90655date:2016-05-20T00:00:00
db:VULMONid:CVE-2016-1836date:2016-05-20T00:00:00
db:BIDid:90691date:2016-05-16T00:00:00
db:PACKETSTORMid:137076date:2016-05-17T15:50:52
db:PACKETSTORMid:140533date:2017-01-17T02:26:10
db:PACKETSTORMid:137335date:2016-06-07T07:41:54
db:PACKETSTORMid:137075date:2016-05-17T15:48:27
db:PACKETSTORMid:137959date:2016-07-19T19:47:55
db:PACKETSTORMid:137958date:2016-07-19T19:45:20
db:PACKETSTORMid:140182date:2016-12-16T16:34:49
db:PACKETSTORMid:137960date:2016-07-19T20:00:50
db:CNNVDid:CNNVD-201605-482date:2016-05-20T00:00:00
db:NVDid:CVE-2016-1836date:2016-05-20T10:59:50.017