Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-2471
Vulnerability from cvelistv5
Published
2017-04-02 01:36
Modified
2024-08-05 13:55
Severity ?
EPSS score ?
Summary
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:55:05.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038137", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038137", }, { name: "GLSA-201706-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201706-15", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT207602", }, { name: "97133", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97133", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT207600", }, { name: "41813", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/41813/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT207617", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-28T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-15T09:57:01", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { name: "1038137", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038137", }, { name: "GLSA-201706-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201706-15", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT207602", }, { name: "97133", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97133", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT207600", }, { name: "41813", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/41813/", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT207617", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "product-security@apple.com", ID: "CVE-2017-2471", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1038137", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038137", }, { name: "GLSA-201706-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201706-15", }, { name: "https://support.apple.com/HT207602", refsource: "CONFIRM", url: "https://support.apple.com/HT207602", }, { name: "97133", refsource: "BID", url: "http://www.securityfocus.com/bid/97133", }, { name: "https://support.apple.com/HT207600", refsource: "CONFIRM", url: "https://support.apple.com/HT207600", }, { name: "41813", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/41813/", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", }, { name: "https://support.apple.com/HT207617", refsource: "CONFIRM", url: "https://support.apple.com/HT207617", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2017-2471", datePublished: "2017-04-02T01:36:00", dateReserved: "2016-12-01T00:00:00", dateUpdated: "2024-08-05T13:55:05.833Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2017-2471\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-04-02T01:59:03.403\",\"lastModified\":\"2024-11-21T03:23:35.593\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \\\"WebKit\\\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. Safari en versiones anteriores a 10.1 está afectado. watchOS en versiones anteriores a 3.2 está afectado. El problema involucra al componente \\\"WebKit\\\". Una vulnerabilidad de uso después de liberación permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"300DD2AC-7126-491C-8B9F-9A218A6B2059\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6306F624-5FEE-4DF7-B420-B2FEC67E718B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E0B97F-6D9F-4181-A661-4B0AFE162414\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97133\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038137\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1105\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://security.gentoo.org/glsa/201706-15\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT207600\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207602\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207617\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41813/\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securityfocus.com/bid/97133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.chromium.org/p/project-zero/issues/detail?id=1105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201706-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT207600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207617\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41813/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
fkie_cve-2017-2471
Vulnerability from fkie_nvd
Published
2017-04-02 01:59
Modified
2024-11-21 03:23
Severity ?
Summary
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*", matchCriteriaId: "300DD2AC-7126-491C-8B9F-9A218A6B2059", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", matchCriteriaId: "6306F624-5FEE-4DF7-B420-B2FEC67E718B", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "C5E0B97F-6D9F-4181-A661-4B0AFE162414", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.", }, { lang: "es", value: "Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. Safari en versiones anteriores a 10.1 está afectado. watchOS en versiones anteriores a 3.2 está afectado. El problema involucra al componente \"WebKit\". Una vulnerabilidad de uso después de liberación permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado.", }, ], id: "CVE-2017-2471", lastModified: "2024-11-21T03:23:35.593", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-02T01:59:03.403", references: [ { source: "product-security@apple.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97133", }, { source: "product-security@apple.com", url: "http://www.securitytracker.com/id/1038137", }, { source: "product-security@apple.com", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", }, { source: "product-security@apple.com", url: "https://security.gentoo.org/glsa/201706-15", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207600", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207602", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207617", }, { source: "product-security@apple.com", url: "https://www.exploit-db.com/exploits/41813/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97133", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038137", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201706-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207600", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207617", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/41813/", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-73fg-98hg-p7mj
Vulnerability from github
Published
2022-05-17 02:12
Modified
2022-05-17 02:12
Severity ?
Details
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.
{ affected: [], aliases: [ "CVE-2017-2471", ], database_specific: { cwe_ids: [ "CWE-416", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2017-04-02T01:59:00Z", severity: "HIGH", }, details: "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.", id: "GHSA-73fg-98hg-p7mj", modified: "2022-05-17T02:12:43Z", published: "2022-05-17T02:12:43Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-2471", }, { type: "WEB", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201706-15", }, { type: "WEB", url: "https://support.apple.com/HT207600", }, { type: "WEB", url: "https://support.apple.com/HT207602", }, { type: "WEB", url: "https://support.apple.com/HT207617", }, { type: "WEB", url: "https://www.exploit-db.com/exploits/41813", }, { type: "WEB", url: "http://www.securityfocus.com/bid/97133", }, { type: "WEB", url: "http://www.securitytracker.com/id/1038137", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
var-201704-0845
Vulnerability from variot
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. Apple iOS , Safari ,and watchOS Used in etc. WebKit is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. watchOS is a smart watch operating system. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. iOS is an operating system developed for mobile devices. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple watchOS prior to 3.2; Safari prior to 10.1; iOS prior to 10.3.
Gentoo Linux Security Advisory GLSA 201706-15
https://security.gentoo.org/
Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: June 07, 2017 Bugs: #543650, #573656, #577068, #608958, #614876, #619788 ID: 201706-15
Synopsis
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which allows remote attackers to execute arbitrary code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
[ 1 ] CVE-2015-2330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330 [ 2 ] CVE-2015-7096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096 [ 3 ] CVE-2015-7098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098 [ 4 ] CVE-2016-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723 [ 5 ] CVE-2016-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724 [ 6 ] CVE-2016-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725 [ 7 ] CVE-2016-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726 [ 8 ] CVE-2016-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727 [ 9 ] CVE-2016-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728 [ 10 ] CVE-2016-4692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692 [ 11 ] CVE-2016-4743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743 [ 12 ] CVE-2016-7586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586 [ 13 ] CVE-2016-7587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587 [ 14 ] CVE-2016-7589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589 [ 15 ] CVE-2016-7592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592 [ 16 ] CVE-2016-7598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598 [ 17 ] CVE-2016-7599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599 [ 18 ] CVE-2016-7610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610 [ 19 ] CVE-2016-7611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611 [ 20 ] CVE-2016-7623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623 [ 21 ] CVE-2016-7632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632 [ 22 ] CVE-2016-7635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635 [ 23 ] CVE-2016-7639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639 [ 24 ] CVE-2016-7640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640 [ 25 ] CVE-2016-7641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641 [ 26 ] CVE-2016-7642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642 [ 27 ] CVE-2016-7645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645 [ 28 ] CVE-2016-7646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646 [ 29 ] CVE-2016-7648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648 [ 30 ] CVE-2016-7649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649 [ 31 ] CVE-2016-7652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652 [ 32 ] CVE-2016-7654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654 [ 33 ] CVE-2016-7656 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656 [ 34 ] CVE-2016-9642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642 [ 35 ] CVE-2016-9643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643 [ 36 ] CVE-2017-2350 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350 [ 37 ] CVE-2017-2354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354 [ 38 ] CVE-2017-2355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355 [ 39 ] CVE-2017-2356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356 [ 40 ] CVE-2017-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362 [ 41 ] CVE-2017-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363 [ 42 ] CVE-2017-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364 [ 43 ] CVE-2017-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365 [ 44 ] CVE-2017-2366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366 [ 45 ] CVE-2017-2367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367 [ 46 ] CVE-2017-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369 [ 47 ] CVE-2017-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371 [ 48 ] CVE-2017-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373 [ 49 ] CVE-2017-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376 [ 50 ] CVE-2017-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377 [ 51 ] CVE-2017-2386 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386 [ 52 ] CVE-2017-2392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392 [ 53 ] CVE-2017-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394 [ 54 ] CVE-2017-2395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395 [ 55 ] CVE-2017-2396 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396 [ 56 ] CVE-2017-2405 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405 [ 57 ] CVE-2017-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415 [ 58 ] CVE-2017-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419 [ 59 ] CVE-2017-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433 [ 60 ] CVE-2017-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442 [ 61 ] CVE-2017-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445 [ 62 ] CVE-2017-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446 [ 63 ] CVE-2017-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447 [ 64 ] CVE-2017-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454 [ 65 ] CVE-2017-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455 [ 66 ] CVE-2017-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457 [ 67 ] CVE-2017-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459 [ 68 ] CVE-2017-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460 [ 69 ] CVE-2017-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464 [ 70 ] CVE-2017-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465 [ 71 ] CVE-2017-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466 [ 72 ] CVE-2017-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468 [ 73 ] CVE-2017-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469 [ 74 ] CVE-2017-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470 [ 75 ] CVE-2017-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471 [ 76 ] CVE-2017-2475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475 [ 77 ] CVE-2017-2476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476 [ 78 ] CVE-2017-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481 [ 79 ] CVE-2017-2496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496 [ 80 ] CVE-2017-2504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504 [ 81 ] CVE-2017-2505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505 [ 82 ] CVE-2017-2506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506 [ 83 ] CVE-2017-2508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508 [ 84 ] CVE-2017-2510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510 [ 85 ] CVE-2017-2514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514 [ 86 ] CVE-2017-2515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515 [ 87 ] CVE-2017-2521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521 [ 88 ] CVE-2017-2525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525 [ 89 ] CVE-2017-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526 [ 90 ] CVE-2017-2528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528 [ 91 ] CVE-2017-2530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530 [ 92 ] CVE-2017-2531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531 [ 93 ] CVE-2017-2536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536 [ 94 ] CVE-2017-2539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539 [ 95 ] CVE-2017-2544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544 [ 96 ] CVE-2017-2547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547 [ 97 ] CVE-2017-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549 [ 98 ] CVE-2017-6980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980 [ 99 ] CVE-2017-6984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-03-27-5 watchOS 3.2
watchOS 3.2 is now available and addresses the following:
Audio Available for: All Apple Watch models Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2430: an anonymous researcher working with Trend Microas Zero Day Initiative CVE-2017-2462: an anonymous researcher working with Trend Microas Zero Day Initiative
Carbon Available for: All Apple Watch models Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2017-2379: John Villamil, Doyensec, riusksk (ae3aY=) of Tencent Security Platform Department
CoreGraphics Available for: All Apple Watch models Impact: Processing a maliciously crafted image may lead to a denial of service Description: An infinite recursion was addressed through improved state management. CVE-2017-2417: riusksk (ae3aY=) of Tencent Security Platform Department
CoreGraphics Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2444: Mei Wang of 360 GearTeam
CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2435: John Villamil, Doyensec
CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2450: John Villamil, Doyensec
CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A resource exhaustion issue was addressed through improved input validation. CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher
FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2406: riusksk (ae3aY=) of Tencent Security Platform Department CVE-2017-2487: riusksk (ae3aY=) of Tencent Security Platform Department
FontParser Available for: All Apple Watch models Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2407: riusksk (ae3aY=) of Tencent Security Platform Department
FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2439: John Villamil, Doyensec
HTTPProtocol Available for: All Apple Watch models Impact: A malicious HTTP/2 server may be able to cause undefined behavior Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating LibreSSL to version 1.17.0. CVE-2017-2428
ImageIO Available for: All Apple Watch models Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2416: Qidan He (a1/2ae*a,1, @flanker_hqd) of KeenLab, Tencent
ImageIO Available for: All Apple Watch models Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative
ImageIO Available for: All Apple Watch models Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2467
ImageIO Available for: All Apple Watch models Impact: Processing a maliciously crafted image may lead to unexpected application termination Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7. CVE-2016-3619
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2017-2440: an anonymous researcher
Kernel Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with root privileges Description: A race condition was addressed through improved memory handling. CVE-2017-2456: lokihardt of Google Project Zero
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2472: Ian Beer of Google Project Zero
Kernel Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2473: Ian Beer of Google Project Zero
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An off-by-one issue was addressed through improved bounds checking. CVE-2017-2474: Ian Beer of Google Project Zero
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed through improved locking. CVE-2017-2478: Ian Beer of Google Project Zero
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2482: Ian Beer of Google Project Zero CVE-2017-2483: Ian Beer of Google Project Zero
Keyboards Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2458: Shashank (@cyberboyIndia)
libarchive Available for: All Apple Watch models Impact: A local attacker may be able to change file system permissions on arbitrary directories Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2017-2390: Omer Medan of enSilo Ltd
libc++abi Available for: All Apple Watch models Impact: Demangling a malicious C++ application may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2441
Security Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with root privileges Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2451: Alex Radocea of Longterm Security, Inc.
Security Available for: All Apple Watch models Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation. CVE-2017-2485: Aleksandar Nikolic of Cisco Talos
WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)
WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to high memory consumption Description: An uncontrolled resource consumption issue was addressed through improved regex processing. CVE-2017-2471: Ivan Fratric of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJY2Yo7AAoJEIOj74w0bLRGnz8P/2pCIIMej7VvKEMeeOblPHII ZwaSR8nzRIlL5IsPgPcq/e2vkZoyPs3ee5dQGX4yJTgzEY0FuD1S/NxeFntxFlzm 8Ei+PQJco8xdZtlL1HXjg+UlY0HAm1TJGYyriDPjbJiqCBRktv3ta/uzJY+yvXK8 3KtO0PXmEGFod9eyQZIRqFZ6GLxNdeFIxabp1SkOoiGk29jC3E9YjgR5qldMAjfN AuYWiBBhMOmal8dbnamtcJh93ElzuXX77cCUlw7wQMz6NaqNS3FWaGEUHsxn6y/4 P8XIfwYAaoWhaCJpEari+GkxmmuXmtbuKyMTDQqCWQyG3ThkYDk6kKQNcQMDbxnh pcyEB7WI9sRQ7CoFH7rmyl8BqQr4Ys0uGPtRDvCVO91kNUMYXeBiNC+StyqWt6Wd 3p/QUxYnM+kG8Zd0lMEaF3LNolr1w54APxMYD3sW3/tOmf8C7d6+qGTGlrumizkD Z0zr/xRNNpd0m4PVmlNt7YJMjN6s1xJwpEUC1n4FyRifdQktqsKMrumq7VGplHYO VNKToB3BuHHjTi2HOocvUXfj55htqrCxETEyHD7NhKVpLEf15vDgyXKFGgF95/HR gomW+ApttZNiz/vOOoI9DL2ZSOnwzo5uO8W4GYSpDpQ36YaYQj/jei2MgtVqqKo+ bNi/H1Oquz40IhKoGR/B =4Uvv -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0845", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "watchos", scope: "eq", trust: 1.9, vendor: "apple", version: "3.1.3", }, { model: "safari", scope: "eq", trust: 1.9, vendor: "apple", version: "10.0.3", }, { model: "iphone os", scope: "eq", trust: 1.6, vendor: "apple", version: "10.2.1", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "10.3 (ipad first 4 after generation )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "10.3 (iphone 5 or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "10.3 (ipod touch first 6 after generation )", }, { model: "safari", scope: "lt", trust: 0.8, vendor: "apple", version: "10.1 (macos sierra 10.12.4)", }, { model: "safari", scope: "lt", trust: 0.8, vendor: "apple", version: "10.1 (os x el capitan v10.11.6)", }, { model: "safari", scope: "lt", trust: 0.8, vendor: "apple", version: "10.1 (os x yosemite v10.10.5)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "3.2 (apple watch all models )", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "30", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.7", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.31", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.2", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.3", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "safari", scope: "ne", trust: 0.3, vendor: "apple", version: "10.1", }, { model: "open source project webkit", scope: "eq", trust: 0.3, vendor: "webkit", version: "0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.6", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1.3", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0", }, { model: "ios", scope: "ne", trust: 0.3, vendor: "apple", version: "10.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "40", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.2", }, { model: "watchos", scope: "ne", trust: 0.3, vendor: "apple", version: "3.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "16.10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.4.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "1.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "50", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.9", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.5", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.4", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "3", }, { model: "iphone", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.28", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.1", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.2.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.7", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "16.04", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.7", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.4", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.8", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.30", }, { model: "ipad", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.2.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.2", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.2", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.6", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.1", }, ], sources: [ { db: "BID", id: "97133", }, { db: "JVNDB", id: "JVNDB-2017-002430", }, { db: "CNNVD", id: "CNNVD-201703-1276", }, { db: "NVD", id: "CVE-2017-2471", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:apple:iphone_os", vulnerable: true, }, { cpe22Uri: "cpe:/a:apple:safari", vulnerable: true, }, { cpe22Uri: "cpe:/o:apple:watchos", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-002430", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Ivan Fratric of Google Project Zero", sources: [ { db: "BID", id: "97133", }, { db: "CNNVD", id: "CNNVD-201703-1276", }, ], trust: 0.9, }, cve: "CVE-2017-2471", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2017-2471", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-110674", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-2471", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-2471", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2017-2471", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201703-1276", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-110674", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2017-2471", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-110674", }, { db: "VULMON", id: "CVE-2017-2471", }, { db: "JVNDB", id: "JVNDB-2017-002430", }, { db: "CNNVD", id: "CNNVD-201703-1276", }, { db: "NVD", id: "CVE-2017-2471", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. Apple iOS , Safari ,and watchOS Used in etc. WebKit is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. watchOS is a smart watch operating system. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. iOS is an operating system developed for mobile devices. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple watchOS prior to 3.2; Safari prior to 10.1; iOS prior to 10.3. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201706-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebKitGTK+: Multiple vulnerabilities\n Date: June 07, 2017\n Bugs: #543650, #573656, #577068, #608958, #614876, #619788\n ID: 201706-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich allows remote attackers to execute arbitrary code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.16.3:4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-2330\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330\n[ 2 ] CVE-2015-7096\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096\n[ 3 ] CVE-2015-7098\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098\n[ 4 ] CVE-2016-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723\n[ 5 ] CVE-2016-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724\n[ 6 ] CVE-2016-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725\n[ 7 ] CVE-2016-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726\n[ 8 ] CVE-2016-1727\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727\n[ 9 ] CVE-2016-1728\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728\n[ 10 ] CVE-2016-4692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692\n[ 11 ] CVE-2016-4743\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743\n[ 12 ] CVE-2016-7586\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586\n[ 13 ] CVE-2016-7587\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587\n[ 14 ] CVE-2016-7589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589\n[ 15 ] CVE-2016-7592\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592\n[ 16 ] CVE-2016-7598\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598\n[ 17 ] CVE-2016-7599\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599\n[ 18 ] CVE-2016-7610\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610\n[ 19 ] CVE-2016-7611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611\n[ 20 ] CVE-2016-7623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623\n[ 21 ] CVE-2016-7632\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632\n[ 22 ] CVE-2016-7635\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635\n[ 23 ] CVE-2016-7639\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639\n[ 24 ] CVE-2016-7640\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640\n[ 25 ] CVE-2016-7641\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641\n[ 26 ] CVE-2016-7642\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642\n[ 27 ] CVE-2016-7645\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645\n[ 28 ] CVE-2016-7646\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646\n[ 29 ] CVE-2016-7648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648\n[ 30 ] CVE-2016-7649\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649\n[ 31 ] CVE-2016-7652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652\n[ 32 ] CVE-2016-7654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654\n[ 33 ] CVE-2016-7656\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656\n[ 34 ] CVE-2016-9642\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642\n[ 35 ] CVE-2016-9643\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643\n[ 36 ] CVE-2017-2350\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350\n[ 37 ] CVE-2017-2354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354\n[ 38 ] CVE-2017-2355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355\n[ 39 ] CVE-2017-2356\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356\n[ 40 ] CVE-2017-2362\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362\n[ 41 ] CVE-2017-2363\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363\n[ 42 ] CVE-2017-2364\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364\n[ 43 ] CVE-2017-2365\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365\n[ 44 ] CVE-2017-2366\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366\n[ 45 ] CVE-2017-2367\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367\n[ 46 ] CVE-2017-2369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369\n[ 47 ] CVE-2017-2371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371\n[ 48 ] CVE-2017-2373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373\n[ 49 ] CVE-2017-2376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376\n[ 50 ] CVE-2017-2377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377\n[ 51 ] CVE-2017-2386\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386\n[ 52 ] CVE-2017-2392\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392\n[ 53 ] CVE-2017-2394\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394\n[ 54 ] CVE-2017-2395\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395\n[ 55 ] CVE-2017-2396\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396\n[ 56 ] CVE-2017-2405\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405\n[ 57 ] CVE-2017-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415\n[ 58 ] CVE-2017-2419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419\n[ 59 ] CVE-2017-2433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433\n[ 60 ] CVE-2017-2442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442\n[ 61 ] CVE-2017-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445\n[ 62 ] CVE-2017-2446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446\n[ 63 ] CVE-2017-2447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447\n[ 64 ] CVE-2017-2454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454\n[ 65 ] CVE-2017-2455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455\n[ 66 ] CVE-2017-2457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457\n[ 67 ] CVE-2017-2459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459\n[ 68 ] CVE-2017-2460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460\n[ 69 ] CVE-2017-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464\n[ 70 ] CVE-2017-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465\n[ 71 ] CVE-2017-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466\n[ 72 ] CVE-2017-2468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468\n[ 73 ] CVE-2017-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469\n[ 74 ] CVE-2017-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470\n[ 75 ] CVE-2017-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471\n[ 76 ] CVE-2017-2475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475\n[ 77 ] CVE-2017-2476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476\n[ 78 ] CVE-2017-2481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481\n[ 79 ] CVE-2017-2496\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496\n[ 80 ] CVE-2017-2504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504\n[ 81 ] CVE-2017-2505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505\n[ 82 ] CVE-2017-2506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506\n[ 83 ] CVE-2017-2508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508\n[ 84 ] CVE-2017-2510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510\n[ 85 ] CVE-2017-2514\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514\n[ 86 ] CVE-2017-2515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515\n[ 87 ] CVE-2017-2521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521\n[ 88 ] CVE-2017-2525\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525\n[ 89 ] CVE-2017-2526\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526\n[ 90 ] CVE-2017-2528\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528\n[ 91 ] CVE-2017-2530\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530\n[ 92 ] CVE-2017-2531\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531\n[ 93 ] CVE-2017-2536\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536\n[ 94 ] CVE-2017-2539\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539\n[ 95 ] CVE-2017-2544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544\n[ 96 ] CVE-2017-2547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547\n[ 97 ] CVE-2017-2549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549\n[ 98 ] CVE-2017-6980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980\n[ 99 ] CVE-2017-6984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201706-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-27-5 watchOS 3.2\n\nwatchOS 3.2 is now available and addresses the following:\n\nAudio\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2430: an anonymous researcher working with Trend Microas\nZero Day Initiative\nCVE-2017-2462: an anonymous researcher working with Trend Microas\nZero Day Initiative\n\nCarbon\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: A buffer overflow existed in the handling of font files. \nThis issue was addressed through improved bounds checking. \nCVE-2017-2379: John Villamil, Doyensec, riusksk (ae3aY=) of Tencent\nSecurity Platform Department\n\nCoreGraphics\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An infinite recursion was addressed through improved\nstate management. \nCVE-2017-2417: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nCoreGraphics\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2017-2444: Mei Wang of 360 GearTeam\n\nCoreText\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2435: John Villamil, Doyensec\n\nCoreText\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2017-2450: John Villamil, Doyensec\n\nCoreText\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted text message may lead to\napplication denial of service\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher\n\nFontParser\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2017-2406: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\nCVE-2017-2487: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for: All Apple Watch models\nImpact: Parsing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2017-2407: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2017-2439: John Villamil, Doyensec\n\nHTTPProtocol\nAvailable for: All Apple Watch models\nImpact: A malicious HTTP/2 server may be able to cause undefined\nbehavior\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These\nwere addressed by updating LibreSSL to version 1.17.0. \nCVE-2017-2428\n\nImageIO\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2416: Qidan He (a1/2ae*a,1, @flanker_hqd) of KeenLab, Tencent\n\nImageIO\nAvailable for: All Apple Watch models\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2432: an anonymous researcher working with Trend Micro's\nZero Day Initiative\n\nImageIO\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2467\n\nImageIO\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted image may lead to unexpected\napplication termination\nDescription: An out-of-bound read existed in LibTIFF versions before\n4.0.7. This was addressed by updating LibTIFF in ImageIO to version\n4.0.7. \nCVE-2016-3619\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2017-2440: an anonymous researcher\n\nKernel\nAvailable for: All Apple Watch models\nImpact: A malicious application may be able to execute arbitrary code\nwith root privileges\nDescription: A race condition was addressed through improved memory\nhandling. \nCVE-2017-2456: lokihardt of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2472: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2473: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An off-by-one issue was addressed through improved\nbounds checking. \nCVE-2017-2474: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed through improved locking. \nCVE-2017-2478: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-2482: Ian Beer of Google Project Zero\nCVE-2017-2483: Ian Beer of Google Project Zero\n\nKeyboards\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2017-2458: Shashank (@cyberboyIndia)\n\nlibarchive\nAvailable for: All Apple Watch models\nImpact: A local attacker may be able to change file system\npermissions on arbitrary directories\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed through improved validation of symlinks. \nCVE-2017-2390: Omer Medan of enSilo Ltd\n\nlibc++abi\nAvailable for: All Apple Watch models\nImpact: Demangling a malicious C++ application may lead to arbitrary\ncode execution\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2441\n\nSecurity\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2017-2451: Alex Radocea of Longterm Security, Inc. \n\nSecurity\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted x509 certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the parsing of\ncertificates. This issue was addressed through improved input\nvalidation. \nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to high\nmemory consumption\nDescription: An uncontrolled resource consumption issue was addressed\nthrough improved regex processing. \nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch > General > About\". \n\nAlternatively, on your watch, select \"My Watch > General > About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCgAGBQJY2Yo7AAoJEIOj74w0bLRGnz8P/2pCIIMej7VvKEMeeOblPHII\nZwaSR8nzRIlL5IsPgPcq/e2vkZoyPs3ee5dQGX4yJTgzEY0FuD1S/NxeFntxFlzm\n8Ei+PQJco8xdZtlL1HXjg+UlY0HAm1TJGYyriDPjbJiqCBRktv3ta/uzJY+yvXK8\n3KtO0PXmEGFod9eyQZIRqFZ6GLxNdeFIxabp1SkOoiGk29jC3E9YjgR5qldMAjfN\nAuYWiBBhMOmal8dbnamtcJh93ElzuXX77cCUlw7wQMz6NaqNS3FWaGEUHsxn6y/4\nP8XIfwYAaoWhaCJpEari+GkxmmuXmtbuKyMTDQqCWQyG3ThkYDk6kKQNcQMDbxnh\npcyEB7WI9sRQ7CoFH7rmyl8BqQr4Ys0uGPtRDvCVO91kNUMYXeBiNC+StyqWt6Wd\n3p/QUxYnM+kG8Zd0lMEaF3LNolr1w54APxMYD3sW3/tOmf8C7d6+qGTGlrumizkD\nZ0zr/xRNNpd0m4PVmlNt7YJMjN6s1xJwpEUC1n4FyRifdQktqsKMrumq7VGplHYO\nVNKToB3BuHHjTi2HOocvUXfj55htqrCxETEyHD7NhKVpLEf15vDgyXKFGgF95/HR\ngomW+ApttZNiz/vOOoI9DL2ZSOnwzo5uO8W4GYSpDpQ36YaYQj/jei2MgtVqqKo+\nbNi/H1Oquz40IhKoGR/B\n=4Uvv\n-----END PGP SIGNATURE-----\n\n\n\n", sources: [ { db: "NVD", id: "CVE-2017-2471", }, { db: "JVNDB", id: "JVNDB-2017-002430", }, { db: "BID", id: "97133", }, { db: "VULHUB", id: "VHN-110674", }, { db: "VULMON", id: "CVE-2017-2471", }, { db: "PACKETSTORM", id: "142825", }, { db: "PACKETSTORM", id: "141933", }, ], trust: 2.25, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-110674", trust: 0.1, type: "unknown", }, { reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=41813", trust: 0.1, type: "exploit", }, ], sources: [ { db: "VULHUB", id: "VHN-110674", }, { db: "VULMON", id: "CVE-2017-2471", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-2471", trust: 3.1, }, { db: "BID", id: "97133", trust: 2.1, }, { db: "EXPLOIT-DB", id: "41813", trust: 1.2, }, { db: "SECTRACK", id: "1038137", trust: 1.2, }, { db: "JVN", id: "JVNVU90482935", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2017-002430", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201703-1276", trust: 0.7, }, { db: "PACKETSTORM", id: "141974", trust: 0.1, }, { db: "SEEBUG", id: "SSVID-92905", trust: 0.1, }, { db: "VULHUB", id: "VHN-110674", trust: 0.1, }, { db: "VULMON", id: "CVE-2017-2471", trust: 0.1, }, { db: "PACKETSTORM", id: "142825", trust: 0.1, }, { db: "PACKETSTORM", id: "141933", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-110674", }, { db: "VULMON", id: "CVE-2017-2471", }, { db: "BID", id: "97133", }, { db: "JVNDB", id: "JVNDB-2017-002430", }, { db: "PACKETSTORM", id: "142825", }, { db: "PACKETSTORM", id: "141933", }, { db: "CNNVD", id: "CNNVD-201703-1276", }, { db: "NVD", id: "CVE-2017-2471", }, ], }, id: "VAR-201704-0845", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-110674", }, ], trust: 0.01, }, last_update_date: "2024-11-23T21:19:04.893000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Apple security updates", trust: 0.8, url: "https://support.apple.com/en-us/HT201222", }, { title: "HT207617", trust: 0.8, url: "https://support.apple.com/en-us/HT207617", }, { title: "HT207600", trust: 0.8, url: "https://support.apple.com/en-us/HT207600", }, { title: "HT207602", trust: 0.8, url: "https://support.apple.com/en-us/HT207602", }, { title: "HT207600", trust: 0.8, url: "https://support.apple.com/ja-jp/HT207600", }, { title: "HT207602", trust: 0.8, url: "https://support.apple.com/ja-jp/HT207602", }, { title: "HT207617", trust: 0.8, url: "https://support.apple.com/ja-jp/HT207617", }, { title: "Multiple Apple product WebKit Fixes for component security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68828", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-2471", }, { title: "Ubuntu Security Notice: webkit2gtk vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3257-1", }, { title: "Arch Linux Advisories: [ASA-201704-9] webkit2gtk: multiple issues", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201704-9", }, { title: "", trust: 0.1, url: "https://github.com/marckwei/temp ", }, { title: "domato", trust: 0.1, url: "https://github.com/googleprojectzero/domato ", }, ], sources: [ { db: "VULMON", id: "CVE-2017-2471", }, { db: "JVNDB", id: "JVNDB-2017-002430", }, { db: "CNNVD", id: "CNNVD-201703-1276", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-416", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-110674", }, { db: "JVNDB", id: "JVNDB-2017-002430", }, { db: "NVD", id: "CVE-2017-2471", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "http://www.securityfocus.com/bid/97133", }, { trust: 1.8, url: "https://support.apple.com/ht207600", }, { trust: 1.8, url: "https://support.apple.com/ht207602", }, { trust: 1.8, url: "https://support.apple.com/ht207617", }, { trust: 1.3, url: "https://www.exploit-db.com/exploits/41813/", }, { trust: 1.3, url: "https://security.gentoo.org/glsa/201706-15", }, { trust: 1.2, url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1038137", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2471", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2471", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu90482935/index.html", }, { trust: 0.3, url: "https://www.apple.com/", }, { trust: 0.3, url: "http://www.webkit.org/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/416.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/3257-1/", }, { trust: 0.1, url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53194", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7096", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2394", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7652", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2363", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2457", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2386", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7587", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2350", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2366", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7589", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2466", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2475", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7586", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7654", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2442", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7646", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7586", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7641", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2367", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1724", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7599", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2373", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2530", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2459", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7611", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7598", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7611", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2465", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-6980", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1725", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1727", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2454", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2455", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1727", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7656", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2544", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2354", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9643", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4692", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2447", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2377", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2464", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7632", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1728", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2470", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7648", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2365", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2506", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7646", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1728", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7589", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7587", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2549", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2471", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2526", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7639", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1726", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4743", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7598", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2514", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2515", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2521", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7641", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2539", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2369", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7632", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7640", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1724", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2460", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2371", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7623", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2419", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2481", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7635", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7645", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2364", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2469", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7096", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7642", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1725", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2468", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7645", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2505", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2510", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1723", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7610", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-6984", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7610", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2330", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4692", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2547", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7098", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2476", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2376", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7640", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1723", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2405", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2395", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7639", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2362", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7599", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2396", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7649", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2525", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2433", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7098", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9642", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2445", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2356", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7623", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2504", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2508", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2531", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2528", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4743", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7635", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2496", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7642", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1726", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2392", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2446", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2355", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7592", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2536", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-2330", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-7592", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2415", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2406", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2379", }, { trust: 0.1, url: "https://support.apple.com/kb/ht204641", }, { trust: 0.1, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2444", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2450", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2441", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3619", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2472", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2473", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2401", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2467", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2458", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2428", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2417", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2462", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2440", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2435", }, { trust: 0.1, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2430", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2432", }, { trust: 0.1, url: "http://gpgtools.org", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2451", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2461", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2439", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2390", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2415", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2407", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2416", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-9643", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2456", }, ], sources: [ { db: "VULHUB", id: "VHN-110674", }, { db: "VULMON", id: "CVE-2017-2471", }, { db: "BID", id: "97133", }, { db: "JVNDB", id: "JVNDB-2017-002430", }, { db: "PACKETSTORM", id: "142825", }, { db: "PACKETSTORM", id: "141933", }, { db: "CNNVD", id: "CNNVD-201703-1276", }, { db: "NVD", id: "CVE-2017-2471", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-110674", }, { db: "VULMON", id: "CVE-2017-2471", }, { db: "BID", id: "97133", }, { db: "JVNDB", id: "JVNDB-2017-002430", }, { db: "PACKETSTORM", id: "142825", }, { db: "PACKETSTORM", id: "141933", }, { db: "CNNVD", id: "CNNVD-201703-1276", }, { db: "NVD", id: "CVE-2017-2471", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-04-02T00:00:00", db: "VULHUB", id: "VHN-110674", }, { date: "2017-04-02T00:00:00", db: "VULMON", id: "CVE-2017-2471", }, { date: "2017-03-27T00:00:00", db: "BID", id: "97133", }, { date: "2017-04-13T00:00:00", db: "JVNDB", id: "JVNDB-2017-002430", }, { date: "2017-06-07T14:18:30", db: "PACKETSTORM", id: "142825", }, { date: "2017-03-27T17:32:22", db: "PACKETSTORM", id: "141933", }, { date: "2017-03-30T00:00:00", db: "CNNVD", id: "CNNVD-201703-1276", }, { date: "2017-04-02T01:59:03.403000", db: "NVD", id: "CVE-2017-2471", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-08-16T00:00:00", db: "VULHUB", id: "VHN-110674", }, { date: "2017-08-16T00:00:00", db: "VULMON", id: "CVE-2017-2471", }, { date: "2017-06-08T08:02:00", db: "BID", id: "97133", }, { date: "2017-04-13T00:00:00", db: "JVNDB", id: "JVNDB-2017-002430", }, { date: "2017-03-30T00:00:00", db: "CNNVD", id: "CNNVD-201703-1276", }, { date: "2024-11-21T03:23:35.593000", db: "NVD", id: "CVE-2017-2471", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "142825", }, { db: "CNNVD", id: "CNNVD-201703-1276", }, ], trust: 0.7, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Apple Used in products WebKit Vulnerable to arbitrary code execution", sources: [ { db: "JVNDB", id: "JVNDB-2017-002430", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201703-1276", }, ], trust: 0.6, }, }
gsd-2017-2471
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.
Aliases
Aliases
{ GSD: { alias: "CVE-2017-2471", description: "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.", id: "GSD-2017-2471", references: [ "https://ubuntu.com/security/CVE-2017-2471", "https://advisories.mageia.org/CVE-2017-2471.html", "https://security.archlinux.org/CVE-2017-2471", "https://packetstormsecurity.com/files/cve/CVE-2017-2471", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2017-2471", ], details: "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.", id: "GSD-2017-2471", modified: "2023-12-13T01:21:05.199945Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "product-security@apple.com", ID: "CVE-2017-2471", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1038137", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038137", }, { name: "GLSA-201706-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201706-15", }, { name: "https://support.apple.com/HT207602", refsource: "CONFIRM", url: "https://support.apple.com/HT207602", }, { name: "97133", refsource: "BID", url: "http://www.securityfocus.com/bid/97133", }, { name: "https://support.apple.com/HT207600", refsource: "CONFIRM", url: "https://support.apple.com/HT207600", }, { name: "41813", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/41813/", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", }, { name: "https://support.apple.com/HT207617", refsource: "CONFIRM", url: "https://support.apple.com/HT207617", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "product-security@apple.com", ID: "CVE-2017-2471", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-416", }, ], }, ], }, references: { reference_data: [ { name: "https://support.apple.com/HT207617", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207617", }, { name: "https://support.apple.com/HT207602", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207602", }, { name: "https://support.apple.com/HT207600", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207600", }, { name: "97133", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97133", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", refsource: "MISC", tags: [], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1105", }, { name: "GLSA-201706-15", refsource: "GENTOO", tags: [], url: "https://security.gentoo.org/glsa/201706-15", }, { name: "1038137", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id/1038137", }, { name: "41813", refsource: "EXPLOIT-DB", tags: [], url: "https://www.exploit-db.com/exploits/41813/", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, }, }, lastModifiedDate: "2017-08-16T01:29Z", publishedDate: "2017-04-02T01:59Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.