ID

VAR-201609-0225


CVE

CVE-2016-4658


TITLE

plural Apple Product libxml2 Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-004928

DESCRIPTION

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A memory corruption vulnerability exists in Libxml2 in several Apple products. The following versions are affected: versions prior to Apple iOS 10, versions prior to tvOS 10, versions prior to OS X 10.12, versions prior to watchOS 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2021:3810-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3810 Issue date: 2021-10-12 CVE Names: CVE-2016-4658 ===================================================================== 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The desktop must be restarted (log out, then log back in) for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1384424 - CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libxml2-2.9.1-6.el7_9.6.src.rpm x86_64: libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.el7_9.6.i686.rpm libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7_9.6.src.rpm x86_64: libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.el7_9.6.i686.rpm libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libxml2-2.9.1-6.el7_9.6.src.rpm ppc64: libxml2-2.9.1-6.el7_9.6.ppc.rpm libxml2-2.9.1-6.el7_9.6.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64.rpm libxml2-devel-2.9.1-6.el7_9.6.ppc.rpm libxml2-devel-2.9.1-6.el7_9.6.ppc64.rpm libxml2-python-2.9.1-6.el7_9.6.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7_9.6.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64le.rpm libxml2-devel-2.9.1-6.el7_9.6.ppc64le.rpm libxml2-python-2.9.1-6.el7_9.6.ppc64le.rpm s390x: libxml2-2.9.1-6.el7_9.6.s390.rpm libxml2-2.9.1-6.el7_9.6.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.s390.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.s390x.rpm libxml2-devel-2.9.1-6.el7_9.6.s390.rpm libxml2-devel-2.9.1-6.el7_9.6.s390x.rpm libxml2-python-2.9.1-6.el7_9.6.s390x.rpm x86_64: libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libxml2-debuginfo-2.9.1-6.el7_9.6.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64.rpm libxml2-static-2.9.1-6.el7_9.6.ppc.rpm libxml2-static-2.9.1-6.el7_9.6.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64le.rpm libxml2-static-2.9.1-6.el7_9.6.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7_9.6.s390.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.s390x.rpm libxml2-static-2.9.1-6.el7_9.6.s390.rpm libxml2-static-2.9.1-6.el7_9.6.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.el7_9.6.i686.rpm libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libxml2-2.9.1-6.el7_9.6.src.rpm x86_64: libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.el7_9.6.i686.rpm libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4658 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYWWqlNzjgjWX9erEAQglcQ//SUNNJGppCVp7noool8BcQdiZYbHQYIZc Ip2xZN+MskEdApJVdj+miteXwKbQlzOBC2O7NxxTagWuQd/ZTeojWIBbpN3wDWK4 iEHxXnJxSCc5Mnz98gW5uiiuOZ7YYNenqpf0CwiR8TTaCfzRZviHA5nt6uRCsOoF XnNRQBkGevmh4VE1J8Mn2aD1fZrvxa1K5SywrF01ZI8ySjqEvm0lajuQD/4evvi8 gcjJlkCx8l/IOD4LowDCXrdxG/eiTYGpLYOdE6ZSOAX+pW4MtJm8R+gusQ+jwyJ+ pe5ITvZw2lycRboQEdr0bg/PiMJfguKA0tbf2Ra096ka1VThIFMZO7SDxhAjtohr v/M3Q+4uLIMei1KapYHo09RO7QwAzViT2p3ycsU+9mEVRNJZcCAeVY3naRkaMEnQ SuM57XSYJXJN7w8tQGzFTnzrZZYKv0XkrMG+sIiVgBAQKgPAppomE1PIeORIJqbb PeASp+08mO37T0Aw5e4SUuzd+MiE7LtGE9RzNzFTWMqT2qQptezmJx/+x0FRu3fv UcfEicz2xh0aV4wptaY4wnqvd4juAOO+AgY5QabO4KZPdvvpcMyQ6twt+sdehQjl 03ChiCTvXyZmWO+IhdEYqGWeh9i6eWoK3QF3cZOXOQSLfNKKvGPJMfHYxch18nU/ aV/GyGATRM8= =M6KE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. =========================================================================== Ubuntu Security Notice USN-3235-1 March 16, 2017 libxml2 vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in libxml2. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448) It was discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-4658) Nick Wellnhofer discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-5131) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libxml2 2.9.4+dfsg1-2ubuntu0.1 Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.2 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.9 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.17 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-09-20-5 watchOS 3 The watchOS 3 advisory has been updated to include additional entries as noted below. Audio Available for: All Apple Watch models Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University Entry added September 20, 2016 CFNetwork Available for: All Apple Watch models Impact: Processing maliciously crafted web content may compromise user information Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking. CVE-2016-4708: Dawid Czagan of Silesia Security Lab Entry added September 20, 2016 CoreCrypto Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code Description: An out-of-bounds write issue was addressed by removing the vulnerable code. CVE-2016-4712: Gergo Koteles Entry added September 20, 2016 FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4718: Apple Entry added September 20, 2016 GeoServices Available for: All Apple Watch models Impact: An application may be able to read sensitive location information Description: A permissions issue existed in PlaceData. This issue was addressed through improved permission validation. CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt) IOAcceleratorFamily Available for: All Apple Watch models Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4725: Rodger Combs of Plex, Inc. Entry added September 20, 2016 IOAcceleratorFamily Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4726: An anonymous researcher Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A remote attacker may be able to cause a denial of service Description: A lock handling issue was addressed through improved lock handling. CVE-2016-4772: Marc Heuse of mh-sec Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation. CVE-2016-4773: Brandon Azad CVE-2016-4774: Brandon Azad CVE-2016-4776: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4775: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An untrusted pointer dereference was addressed by removing the affected code. CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4778: CESG Entry added September 20, 2016 libxml2 Available for: All Apple Watch models Impact: Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4658: Nick Wellnhofer CVE-2016-5131: Nick Wellnhofer Entry added September 20, 2016 libxslt Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4738: Nick Wellnhofer Entry added September 20, 2016 Security Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation. CVE-2016-4753: Mark Mentovai of Google Inc. Entry added September 20, 2016 WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4737: Apple Entry added September 20, 2016 Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJX4YPQAAoJEIOj74w0bLRG8S0QAIkepFBcosbmZLpY04hlt+Ah yHXnqKyghV5Ribkl64KUQRkyPHDOGaEaErYEiscMtUqbFP/rnSM8ScFF65Oxxg/P 3NCGpKkedA0J4cMtb58x4nvWJe3GW8aV8iP4H7t65jCprdIAxZuniLjhGMtM0r7G a/A6cmpqhwL055RMr1c7ksC1oCk43BP5rZOlndqE9Ns6lw1F5RNmATbZgjHdPHkC xuml7fEdhRbt/lswdDMq7epIZFqDX7jlZig349oesZhsUVczQnRZtsdUQ695OZcd XSZisclix5b0t4Ett5HiarbYLYbalnz5ftU511Va9pf5VOGaZcl942cmns8CRbQy GT+qCk9TCMhtf6nqBTrX8MwSP481fa1OssLHE1rYGibBFpr0xqqXw70zzpl77w9I OT31mBtdrPor7luR7haXOMuwaD7Fbmj6sd3ph0p6wQQG0GZ/zsLRJtBJfFU2Qx1X fesFDPTyNrby4nMHaF6MGY04hME2zHApq0KHOtGfg3WaaIJWGbWY+xPAUW5kDLIf Q6u+8BVjCT1qvfK3oi93wA5FOqfqlud4LuMGdTehJL1PBTh93JnabQwZDuNjufg0 4p4j7jFIenYxdYgjbbCKrXu6PYTUB7yqMRDYAQN7hk4bKabwHacyqKmQbH5MCYXt yHVD9Vuo3lqcs8fMnUow =yYuL -----END PGP SIGNATURE----- . Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u4. For the testing distribution (stretch), these problems have been fixed in version 2.9.4+dfsg1-2.1. For the unstable distribution (sid), these problems have been fixed in version 2.9.4+dfsg1-2.1. We recommend that you upgrade your libxml2 packages. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.1.12 General Availability release images, which provide security fixes and update the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/release_notes/ Security fixes: * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Container updates: * RHACM 2.1.12 images (BZ# 2007489) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/): 2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5

Trust: 2.52

sources: NVD: CVE-2016-4658 // JVNDB: JVNDB-2016-004928 // VULHUB: VHN-93477 // VULMON: CVE-2016-4658 // PACKETSTORM: 164562 // PACKETSTORM: 164491 // PACKETSTORM: 165631 // PACKETSTORM: 141667 // PACKETSTORM: 138795 // PACKETSTORM: 166051 // PACKETSTORM: 140266 // PACKETSTORM: 164583

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 1.4

vendor:applemodel:iphone osscope:ltversion:10.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.12

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:ltversion:2.9.5

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:10.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:3.0

Trust: 1.0

vendor:applemodel:iosscope:ltversion:10 (ipad first 4 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10 (iphone 5 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10 (ipod touch first 6 after generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:3 (apple watch all models )

Trust: 0.8

vendor:applemodel:tvscope:eqversion:9.2.2

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:2.2.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.3.5

Trust: 0.6

sources: JVNDB: JVNDB-2016-004928 // CNNVD: CNNVD-201609-485 // NVD: CVE-2016-4658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4658
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-4658
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201609-485
value: CRITICAL

Trust: 0.6

VULHUB: VHN-93477
value: HIGH

Trust: 0.1

VULMON: CVE-2016-4658
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4658
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-93477
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4658
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93477 // VULMON: CVE-2016-4658 // JVNDB: JVNDB-2016-004928 // CNNVD: CNNVD-201609-485 // NVD: CVE-2016-4658

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-93477 // JVNDB: JVNDB-2016-004928 // NVD: CVE-2016-4658

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 140266 // CNNVD: CNNVD-201609-485

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201609-485

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004928

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2016-09-20-3 iOS 10url:http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

Trust: 0.8

title:APPLE-SA-2016-09-20-5 watchOS 3url:http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

Trust: 0.8

title:APPLE-SA-2016-09-20-6 tvOS 10url:http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

Trust: 0.8

title:APPLE-SA-2016-09-20 macOS Sierra 10.12url:http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

Trust: 0.8

title:HT207142url:https://support.apple.com/en-us/HT207142

Trust: 0.8

title:HT207143url:https://support.apple.com/en-us/HT207143

Trust: 0.8

title:HT207170url:https://support.apple.com/en-us/HT207170

Trust: 0.8

title:HT207141url:https://support.apple.com/en-us/HT207141

Trust: 0.8

title:HT207141url:https://support.apple.com/ja-jp/HT207141

Trust: 0.8

title:HT207142url:https://support.apple.com/ja-jp/HT207142

Trust: 0.8

title:HT207143url:https://support.apple.com/ja-jp/HT207143

Trust: 0.8

title:HT207170url:https://support.apple.com/ja-jp/HT207170

Trust: 0.8

title:Multiple Apple product libxml2 Repair measures for memory corruption vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=64351

Trust: 0.6

title:Ubuntu Security Notice: libxml2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3235-1

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-4658url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=875827e87aed79825801cf0c7dbfb4a3

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-5131url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=9f32dd31cb36cd4b73309a01754e5056

Trust: 0.1

title:Arch Linux Advisories: [ASA-201611-2] libxml2: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201611-2

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2016-4658

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1301url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1301

Trust: 0.1

title:Apple: watchOS 3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=22c38e80657dfabed50745bf066b5d7e

Trust: 0.1

title:Apple: tvOS 10url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=2eacf5c3d1f3eca6b4d1466fef2589d7

Trust: 0.1

title:Apple: iOS 10url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=49cfe8e7b5abb7b955623b596efe5873

Trust: 0.1

title:Apple: macOS Sierra 10.12url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=56fe8957a503c1b7b6f00fbd6d759042

Trust: 0.1

title:Android Security Bulletins: Android Security Bulletin—June 2017url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=f9fbdf3aea1fd17035e18f77d6530ab1

Trust: 0.1

title:nagios-check-bundle-auditurl:https://github.com/tommarshall/nagios-check-bundle-audit

Trust: 0.1

title:afl-cveurl:https://github.com/mrash/afl-cve

Trust: 0.1

sources: VULMON: CVE-2016-4658 // JVNDB: JVNDB-2016-004928 // CNNVD: CNNVD-201609-485

EXTERNAL IDS

db:NVDid:CVE-2016-4658

Trust: 3.4

db:SECTRACKid:1038623

Trust: 1.8

db:SECTRACKid:1036858

Trust: 1.8

db:BIDid:93054

Trust: 1.8

db:PACKETSTORMid:165631

Trust: 0.8

db:PACKETSTORMid:164583

Trust: 0.8

db:PACKETSTORMid:166051

Trust: 0.8

db:JVNid:JVNVU90950877

Trust: 0.8

db:JVNid:JVNVU93841436

Trust: 0.8

db:JVNDBid:JVNDB-2016-004928

Trust: 0.8

db:CNNVDid:CNNVD-201609-485

Trust: 0.7

db:PACKETSTORMid:164562

Trust: 0.7

db:PACKETSTORMid:164491

Trust: 0.7

db:AUSCERTid:ESB-2022.0716

Trust: 0.6

db:AUSCERTid:ESB-2022.5666

Trust: 0.6

db:AUSCERTid:ESB-2021.3374

Trust: 0.6

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2022.0245

Trust: 0.6

db:AUSCERTid:ESB-2021.3499

Trust: 0.6

db:AUSCERTid:ESB-2021.3485

Trust: 0.6

db:CS-HELPid:SB2021101345

Trust: 0.6

db:CS-HELPid:SB2021111734

Trust: 0.6

db:PACKETSTORMid:138795

Trust: 0.2

db:PACKETSTORMid:140266

Trust: 0.2

db:VULHUBid:VHN-93477

Trust: 0.1

db:VULMONid:CVE-2016-4658

Trust: 0.1

db:PACKETSTORMid:141667

Trust: 0.1

sources: VULHUB: VHN-93477 // VULMON: CVE-2016-4658 // JVNDB: JVNDB-2016-004928 // PACKETSTORM: 164562 // PACKETSTORM: 164491 // PACKETSTORM: 165631 // PACKETSTORM: 141667 // PACKETSTORM: 138795 // PACKETSTORM: 166051 // PACKETSTORM: 140266 // PACKETSTORM: 164583 // CNNVD: CNNVD-201609-485 // NVD: CVE-2016-4658

REFERENCES

url:http://www.securityfocus.com/bid/93054

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00008.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00010.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00011.html

Trust: 1.8

url:https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

Trust: 1.8

url:https://support.apple.com/ht207141

Trust: 1.8

url:https://support.apple.com/ht207142

Trust: 1.8

url:https://support.apple.com/ht207143

Trust: 1.8

url:https://support.apple.com/ht207170

Trust: 1.8

url:https://security.gentoo.org/glsa/201701-37

Trust: 1.8

url:http://www.securitytracker.com/id/1036858

Trust: 1.8

url:http://www.securitytracker.com/id/1038623

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4658

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93841436/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90950877/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4658

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://packetstormsecurity.com/files/164583/red-hat-security-advisory-2021-3949-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111734

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3485

Trust: 0.6

url:https://packetstormsecurity.com/files/166051/red-hat-security-advisory-2022-0580-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3374

Trust: 0.6

url:https://packetstormsecurity.com/files/165631/red-hat-security-advisory-2022-0202-04.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3499

Trust: 0.6

url:https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0716

Trust: 0.6

url:https://packetstormsecurity.com/files/164491/red-hat-security-advisory-2021-3810-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101345

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5666

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5131

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32626

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32687

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32626

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41099

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32675

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3653

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3656

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22922

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22924

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32675

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41099

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3653

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32627

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32687

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37576

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32628

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32672

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-36222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32627

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32672

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22923

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32628

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37576

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://github.com/tommarshall/nagios-check-bundle-audit

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=48972

Trust: 0.1

url:https://usn.ubuntu.com/3235-1/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25741

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23017

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21671

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21671

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23017

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25741

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3810

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3575

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15389

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30689

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30682

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10001

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-18032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1801

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1765

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1788

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21775

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21779

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10001

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27828

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1871

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29338

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30734

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26926

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1789

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30663

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3272

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15389

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27824

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.9

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-3235-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4448

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-2ubuntu0.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4708

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4773

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4726

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4776

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4725

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4753

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4718

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0580

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40346

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39241

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24348

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3200

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3949

Trust: 0.1

sources: VULHUB: VHN-93477 // VULMON: CVE-2016-4658 // JVNDB: JVNDB-2016-004928 // PACKETSTORM: 164562 // PACKETSTORM: 164491 // PACKETSTORM: 165631 // PACKETSTORM: 141667 // PACKETSTORM: 138795 // PACKETSTORM: 166051 // PACKETSTORM: 140266 // PACKETSTORM: 164583 // CNNVD: CNNVD-201609-485 // NVD: CVE-2016-4658

CREDITS

MinSik Shin,YoungJin Yoon, Gergo Koteles, Sunghyun Park, Inc,and Taekyoung Kwon of Information Security Lab, Lufeng Li of Qihoo, Dawid Czagan of Silesia Security Lab, Rodger Combs of Plex, Brandon Azad, HoJae Han, Yonsei University, Marc Heuse of mh-sec

Trust: 0.6

sources: CNNVD: CNNVD-201609-485

SOURCES

db:VULHUBid:VHN-93477
db:VULMONid:CVE-2016-4658
db:JVNDBid:JVNDB-2016-004928
db:PACKETSTORMid:164562
db:PACKETSTORMid:164491
db:PACKETSTORMid:165631
db:PACKETSTORMid:141667
db:PACKETSTORMid:138795
db:PACKETSTORMid:166051
db:PACKETSTORMid:140266
db:PACKETSTORMid:164583
db:CNNVDid:CNNVD-201609-485
db:NVDid:CVE-2016-4658

LAST UPDATE DATE

2024-11-20T20:39:44.757000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-93477date:2019-03-13T00:00:00
db:VULMONid:CVE-2016-4658date:2019-03-13T00:00:00
db:JVNDBid:JVNDB-2016-004928date:2016-09-29T00:00:00
db:CNNVDid:CNNVD-201609-485date:2023-06-30T00:00:00
db:NVDid:CVE-2016-4658date:2019-03-13T14:05:10.147

SOURCES RELEASE DATE

db:VULHUBid:VHN-93477date:2016-09-25T00:00:00
db:VULMONid:CVE-2016-4658date:2016-09-25T00:00:00
db:JVNDBid:JVNDB-2016-004928date:2016-09-29T00:00:00
db:PACKETSTORMid:164562date:2021-10-20T15:45:47
db:PACKETSTORMid:164491date:2021-10-13T14:51:26
db:PACKETSTORMid:165631date:2022-01-20T17:48:29
db:PACKETSTORMid:141667date:2017-03-16T23:37:18
db:PACKETSTORMid:138795date:2016-09-20T17:02:22
db:PACKETSTORMid:166051date:2022-02-18T16:37:39
db:PACKETSTORMid:140266date:2016-12-24T17:05:07
db:PACKETSTORMid:164583date:2021-10-21T15:31:47
db:CNNVDid:CNNVD-201609-485date:2016-09-26T00:00:00
db:NVDid:CVE-2016-4658date:2016-09-25T10:59:02.343