var-201205-0195
Vulnerability from variot
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze4.
For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-9.1.
We recommend that you upgrade your libxml2 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: mingw32-libxml2 security update Advisory ID: RHSA-2013:0217-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html Issue date: 2013-01-31 CVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 CVE-2012-5134 =====================================================================
- Summary:
Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch
- Description:
These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows).
IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release.
A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)
A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134)
It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841)
Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)
Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944)
An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)
Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.
All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis 665963 - CVE-2010-4494 libxml2: double-free in XPath processing code 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS 822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation 880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
- Package List:
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2010-4494.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2821.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3102.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://www.redhat.com/security/data/cve/CVE-2012-0841.html https://www.redhat.com/security/data/cve/CVE-2012-5134.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRCujqXlSAg2UNWIIRAq0HAJ41YXDqlCpJkg97YuQmaF2MqKDIpACgn5j7 sLTqWGtUMTYIUvLH8YXGFX4= =rOjB -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-1447-1 May 21, 2012
libxml2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file.
Software Description: - libxml2: GNOME XML library
Details:
Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.1
Ubuntu 11.10: libxml2 2.7.8.dfsg-4ubuntu0.3
Ubuntu 11.04: libxml2 2.7.8.dfsg-2ubuntu0.4
Ubuntu 10.04 LTS: libxml2 2.7.6.dfsg-1ubuntu1.5
Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.9
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2013-09-20-1 Apple TV 6.0
Apple TV 6.0 is now available and addresses the following:
Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team
Apple TV Available for: Apple TV 2nd generation and later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative
Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates. CVE-ID CVE-2013-5134
Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking. CVE-ID CVE-2013-3950 : Stefan Esser
Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team
Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious local application could cause an unexpected system termination Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking. CVE-ID CVE-2013-5138 : Will Estes
Apple TV Available for: Apple TV 2nd generation and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-5139 : @dent1zt
Apple TV Available for: Apple TV 2nd generation and later Impact: A remote attacker can cause a device to unexpectedly restart Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments. CVE-ID CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft
Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker on a local network can cause a denial of service Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum. CVE-ID CVE-2011-2391 : Marc Heuse
Apple TV Available for: Apple TV 2nd generation and later Impact: Kernel stack memory may be disclosed to local users Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel. CVE-ID CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc
Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel. CVE-ID CVE-2013-3953 : Stefan Esser
Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-3954 : Stefan Esser
Apple TV Available for: Apple TV 2nd generation and later Impact: An unauthorized process may modify the set of loaded kernel extensions Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks. CVE-ID CVE-2013-5145 : "Rainbow PRISM"
Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire
Apple TV Available for: Apple TV 2nd generation and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".
To check the current version of software, select "Settings -> General -> About"
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201205-0195", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "5.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "6.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "6.1.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "5.1.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "5.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "6.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "6.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "6.0.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "6.1.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.0.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.5" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.1.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.0.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.5" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2.5" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "5.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.2.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2.8" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2" }, { "model": "chrome", "scope": "lte", "trust": 1.0, "vendor": "google", "version": "19.0.1084.45" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.2" }, { "model": "iphone os", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "6.1.4" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.4" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.1" }, { "model": "chrome", "scope": "lt", "trust": 0.8, "vendor": "google", "version": "19.0.1084.46" }, { "model": "tv", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "6.0 (apple tv first 2 after generation )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7 (ipad 2 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7 (iphone 4 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7 (ipod touch first 5 after generation )" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows 7)" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows 8)" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows vista)" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "11.1.4 (windows xp sp2 or later )" }, { "model": "iphone os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "6.1.4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002426" }, { "db": "CNNVD", "id": "CNNVD-201205-257" }, { "db": "NVD", "id": "CVE-2011-3102" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:google:chrome", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:apple_tv", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:itunes", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002426" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "123339" } ], "trust": 0.2 }, "cve": "CVE-2011-3102", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2011-3102", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-51047", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3102", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2011-3102", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201205-257", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-51047", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-3102", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-51047" }, { "db": "VULMON", "id": "CVE-2011-3102" }, { "db": "JVNDB", "id": "JVNDB-2012-002426" }, { "db": "CNNVD", "id": "CNNVD-201205-257" }, { "db": "NVD", "id": "CVE-2011-3102" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze4. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-9.1. \n\nWe recommend that you upgrade your libxml2 packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. An\nattacker with a privileged network position may inject arbitrary\ncontents. This issue was addressed by using an encrypted HTTPS\nconnection to retrieve tutorials. The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: mingw32-libxml2 security update\nAdvisory ID: RHSA-2013:0217-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html\nIssue date: 2013-01-31\nCVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 \n CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 \n CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 \n CVE-2012-0841 CVE-2012-5134 \n=====================================================================\n\n1. Summary:\n\nUpdated mingw32-libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6. This advisory also contains\ninformation about future updates for the mingw32 packages, as well as the\ndeprecation of the packages with the release of Red Hat\nEnterprise Linux 6.4. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - noarch\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch\nRed Hat Enterprise Linux Server Optional (v. 6) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 6) - noarch\n\n3. Description:\n\nThese packages provide the libxml2 library, a development toolbox providing\nthe implementation of various XML standards, for users of MinGW (Minimalist\nGNU for Windows). \n\nIMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no\nlonger be updated proactively and will be deprecated with the release of\nRed Hat Enterprise Linux 6.4. These packages were provided to support other\ncapabilities in Red Hat Enterprise Linux and were not intended for direct\ncustomer use. Customers are advised to not use these packages with\nimmediate effect. Future updates to these packages will be at Red Hat\u0027s\ndiscretion and these packages may be removed in a future minor release. \n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded\ncertain entities. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2012-5134)\n\nIt was found that the hashing routine used by libxml2 arrays was\nsusceptible to predictable hash collisions. Sending a specially-crafted\nmessage to an XML service could result in longer processing time, which\ncould lead to a denial of service. To mitigate this issue, randomization\nhas been added to the hashing function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0841)\n\nMultiple flaws were found in the way libxml2 parsed certain XPath (XML Path\nLanguage) expressions. If an attacker were able to supply a\nspecially-crafted XML file to an application using libxml2, as well as an\nXPath expression for that application to run against the crafted file, it\ncould cause the application to crash. (CVE-2010-4008, CVE-2010-4494,\nCVE-2011-2821, CVE-2011-2834)\n\nTwo heap-based buffer overflow flaws were found in the way libxml2 decoded\ncertain XML files. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2011-0216,\nCVE-2011-3102)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash. \n(CVE-2011-3905)\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008. \n\nAll users of mingw32-libxml2 are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis\n665963 - CVE-2010-4494 libxml2: double-free in XPath processing code\n709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets\n724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding\n735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT\n735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT\n767387 - CVE-2011-3905 libxml2 out of bounds read\n771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name\n787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS\n822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation\n880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm\n\nnoarch:\nmingw32-libxml2-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm\n\nnoarch:\nmingw32-libxml2-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm\n\nnoarch:\nmingw32-libxml2-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm\n\nnoarch:\nmingw32-libxml2-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm\nmingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-4008.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4494.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-0216.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-1944.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2821.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2834.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3102.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3905.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3919.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0841.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-5134.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFRCujqXlSAg2UNWIIRAq0HAJ41YXDqlCpJkg97YuQmaF2MqKDIpACgn5j7\nsLTqWGtUMTYIUvLH8YXGFX4=\n=rOjB\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-1447-1\nMay 21, 2012\n\nlibxml2 vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nApplications using libxml2 could be made to crash or run programs as your\nlogin if they opened a specially crafted file. \n\nSoftware Description:\n- libxml2: GNOME XML library\n\nDetails:\n\nJuri Aedla discovered that libxml2 contained an off by one error in its\nXPointer functionality. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n libxml2 2.7.8.dfsg-5.1ubuntu4.1\n\nUbuntu 11.10:\n libxml2 2.7.8.dfsg-4ubuntu0.3\n\nUbuntu 11.04:\n libxml2 2.7.8.dfsg-2ubuntu0.4\n\nUbuntu 10.04 LTS:\n libxml2 2.7.6.dfsg-1ubuntu1.5\n\nUbuntu 8.04 LTS:\n libxml2 2.6.31.dfsg-2ubuntu1.9\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-09-20-1 Apple TV 6.0\n\nApple TV 6.0 is now available and addresses the following:\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JBIG2\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1025 : Felix Groebert of the Google Security Team\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of Sorenson\nencoded movie files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1019 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update added the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. \nCVE-ID\nCVE-2013-5134\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An attacker who has arbitrary code execution on a device may\nbe able to persist code execution across reboots\nDescription: Multiple buffer overflows existed in dyld\u0027s\nopenSharedCacheFile() function. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2013-3950 : Stefan Esser\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1026 : Felix Groebert of the Google Security Team\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: A malicious local application could cause an unexpected\nsystem termination\nDescription: A null pointer dereference existed in IOCatalogue. \nThe issue was addressed through additional type checking. \nCVE-ID\nCVE-2013-5138 : Will Estes\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription: An out of bounds array access existed in the\nIOSerialFamily driver. This issue was addressed through additional\nbounds checking. \nCVE-ID\nCVE-2013-5139 : @dent1zt\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: A remote attacker can cause a device to unexpectedly restart\nDescription: Sending an invalid packet fragment to a device can\ncause a kernel assert to trigger, leading to a device restart. The\nissue was addressed through additional validation of packet\nfragments. \nCVE-ID\nCVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous\nresearcher working with CERT-FI, Antti LevomAki and Lauri Virtanen\nof Vulnerability Analysis Group, Stonesoft\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An attacker on a local network can cause a denial of service\nDescription: An attacker on a local network can send specially\ncrafted IPv6 ICMP packets and cause high CPU load. The issue was\naddressed by rate limiting ICMP packets before verifying their\nchecksum. \nCVE-ID\nCVE-2011-2391 : Marc Heuse\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Kernel stack memory may be disclosed to local users\nDescription: An information disclosure issue existed in the msgctl\nand segctl APIs. This issue was addressed by initializing data\nstructures returned from the kernel. \nCVE-ID\nCVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Unprivileged processes could get access to the contents of\nkernel memory which could lead to privilege escalation\nDescription: An information disclosure issue existed in the\nmach_port_space_info API. This issue was addressed by initializing\nthe iin_collision field in structures returned from the kernel. \nCVE-ID\nCVE-2013-3953 : Stefan Esser\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Unprivileged processes may be able to cause an unexpected\nsystem termination or arbitrary code execution in the kernel\nDescription: A memory corruption issue existed in the handling of\narguments to the posix_spawn API. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-3954 : Stefan Esser\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: An unauthorized process may modify the set of loaded kernel\nextensions\nDescription: An issue existed in kextd\u0027s handling of IPC messages\nfrom unauthenticated senders. This issue was addressed by adding\nadditional authorization checks. \nCVE-ID\nCVE-2013-5145 : \"Rainbow PRISM\"\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libxml. \nThese issues were addressed by updating libxml to version 2.9.0. \nCVE-ID\nCVE-2011-3102 : Juri Aedla\nCVE-2012-0841\nCVE-2012-2807 : Juri Aedla\nCVE-2012-5134 : Google Chrome Security Team (Juri Aedla)\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libxslt. \nThese issues were addressed by updating libxslt to version 1.1.28. \nCVE-ID\nCVE-2012-2825 : Nicolas Gregoire\nCVE-2012-2870 : Nicolas Gregoire\nCVE-2012-2871 : Kai Lu of Fortinet\u0027s FortiGuard Labs, Nicolas\nGregoire\n\nApple TV\nAvailable for: Apple TV 2nd generation and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2013-0879 : Atte Kettunen of OUSPG\nCVE-2013-0991 : Jay Civelli of the Chromium development community\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\nCVE-2013-0994 : David German of Google\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\nCVE-2013-0997 : Vitaliy Toropov working with HP\u0027s Zero Day Initiative\nCVE-2013-0998 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-0999 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-1000 : Fermin J. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e General -\u003e Update Software\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\"", "sources": [ { "db": "NVD", "id": "CVE-2011-3102" }, { "db": "JVNDB", "id": "JVNDB-2012-002426" }, { "db": "VULHUB", "id": "VHN-51047" }, { "db": "VULMON", "id": "CVE-2011-3102" }, { "db": "PACKETSTORM", "id": "112989" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "119960" }, { "db": "PACKETSTORM", "id": "112910" }, { "db": "PACKETSTORM", "id": "114014" }, { "db": "PACKETSTORM", "id": "123339" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3102", "trust": 3.3 }, { "db": "SECUNIA", "id": "49243", "trust": 1.2 }, { "db": "SECUNIA", "id": "54886", "trust": 1.2 }, { "db": "SECUNIA", "id": "50658", "trust": 1.2 }, { "db": "SECUNIA", "id": "55568", "trust": 1.2 }, { "db": "BID", "id": "53540", "trust": 1.2 }, { "db": "SECTRACK", "id": "1027067", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98681940", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95174988", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94321146", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-002426", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201205-257", "trust": 0.7 }, { "db": "NSFOCUS", "id": "19635", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "112910", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "112989", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "114014", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "124932", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "116647", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114580", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-51047", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2011-3102", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121130", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "119960", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123339", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-51047" }, { "db": "VULMON", "id": "CVE-2011-3102" }, { "db": "JVNDB", "id": "JVNDB-2012-002426" }, { "db": "PACKETSTORM", "id": "112989" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "119960" }, { "db": "PACKETSTORM", "id": "112910" }, { "db": "PACKETSTORM", "id": "114014" }, { "db": "PACKETSTORM", "id": "123339" }, { "db": "CNNVD", "id": "CNNVD-201205-257" }, { "db": "NVD", "id": "CVE-2011-3102" } ] }, "id": "VAR-201205-0195", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-51047" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T19:41:44.287000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2013-10-22-8", "trust": 1.6, "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" }, { "title": "APPLE-SA-2013-09-18-2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" }, { "title": "HT5935", "trust": 0.8, "url": "http://support.apple.com/kb/HT5935" }, { "title": "HT6001", "trust": 0.8, "url": "http://support.apple.com/kb/HT6001" }, { "title": "HT5934", "trust": 0.8, "url": "http://support.apple.com/kb/HT5934" }, { "title": "HT5934", "trust": 0.8, "url": "http://support.apple.com/kb/HT5934?viewlocale=ja_JP" }, { "title": "HT5935", "trust": 0.8, "url": "http://support.apple.com/kb/HT5935?viewlocale=ja_JP" }, { "title": "HT6011", "trust": 0.8, "url": "http://support.apple.com/kb/HT6001?viewlocale=ja_JP" }, { "title": "Issue 125462", "trust": 0.8, "url": "http://code.google.com/p/chromium/issues/detail?id=125462" }, { "title": "Stable Channel Update", "trust": 0.8, "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" }, { "title": "Google Chrome", "trust": 0.8, "url": "http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja\u0026hl=ja" }, { "title": "RHSA-2013:0217", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html" }, { "title": "MDVSA-2013:056", "trust": 0.8, "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056" }, { "title": "MDVSA-2012:098", "trust": 0.8, "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:098" }, { "title": "CVE-2011-3102 Numeric Errors vulnerability in libxml2", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3102_numeric_errors" }, { "title": "XRX13-003", "trust": 0.8, "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "title": "Red Hat: Moderate: libxml2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121288 - Security Advisory" }, { "title": "Ubuntu Security Notice: libxml2 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1447-1" }, { "title": "Debian CVElist Bug Report Logs: CVE-2011-3102", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=95f6eb00690ae8404917a41a2d6e121e" }, { "title": "Debian Security Advisories: DSA-2479-1 libxml2 -- off-by-one", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=316dc5145bb3d45f6fb1f8c911c8a33f" }, { "title": "Amazon Linux AMI: ALAS-2012-134", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-134" }, { "title": "VMware Security Advisories: VMware vSphere security updates for the authentication service and third party libraries", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4b5e3f2420b6e62eeeabf7f83f5bb496" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3102" }, { "db": "JVNDB", "id": "JVNDB-2012-002426" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-51047" }, { "db": "JVNDB", "id": "JVNDB-2012-002426" }, { "db": "NVD", "id": "CVE-2011-3102" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://code.google.com/p/chromium/issues/detail?id=125462" }, { "trust": 1.8, "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" }, { "trust": 1.3, "url": "http://rhn.redhat.com/errata/rhsa-2013-0217.html" }, { "trust": 1.2, "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html" }, { "trust": 1.2, "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00009.html" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/53540" }, { "trust": 1.2, "url": "http://support.apple.com/kb/ht5934" }, { "trust": 1.2, "url": "http://support.apple.com/kb/ht6001" }, { "trust": 1.2, "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf" }, { "trust": 1.2, "url": "http://www.debian.org/security/2012/dsa-2479" }, { "trust": 1.2, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:098" }, { "trust": 1.2, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:056" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id?1027067" }, { "trust": 1.2, "url": "http://secunia.com/advisories/49243" }, { "trust": 1.2, "url": "http://secunia.com/advisories/50658" }, { "trust": 1.2, "url": "http://secunia.com/advisories/54886" }, { "trust": 1.2, "url": "http://secunia.com/advisories/55568" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" }, { "trust": 1.2, "url": "https://lists.opensuse.org/opensuse-updates/2012-06/msg00011.html" }, { "trust": 1.2, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75607" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3102" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu98681940/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95174988/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94321146/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3102" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3102" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19635" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5134" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0841" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2807" }, { "trust": 0.2, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2825" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2871" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2870" }, { "trust": 0.2, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/189.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:1288" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1447-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26947" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1039" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1045" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1024" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5125" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1043" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1041" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1038" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5126" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1044" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1042" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1046" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1047" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1037" }, { "trust": 0.1, "url": "http://www.apple.com/itunes/download/" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0338" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0338" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2807" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5134" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-2834.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5134.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4494.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3919" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3905" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3102.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1944.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3919.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4494" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-2821.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3905.html" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0841.html" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4008.html" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-4ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.6.31.dfsg-2ubuntu1.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-2ubuntu0.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.5" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1447-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.1" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0997" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0996" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0879" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1001" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0995" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0992" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1005" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2391" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1002" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0993" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1004" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0991" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0999" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0994" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1007" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0998" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1006" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1008" } ], "sources": [ { "db": "VULHUB", "id": "VHN-51047" }, { "db": "VULMON", "id": "CVE-2011-3102" }, { "db": "JVNDB", "id": "JVNDB-2012-002426" }, { "db": "PACKETSTORM", "id": "112989" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "119960" }, { "db": "PACKETSTORM", "id": "112910" }, { "db": "PACKETSTORM", "id": "114014" }, { "db": "PACKETSTORM", "id": "123339" }, { "db": "CNNVD", "id": "CNNVD-201205-257" }, { "db": "NVD", "id": "CVE-2011-3102" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-51047" }, { "db": "VULMON", "id": "CVE-2011-3102" }, { "db": "JVNDB", "id": "JVNDB-2012-002426" }, { "db": "PACKETSTORM", "id": "112989" }, { "db": "PACKETSTORM", "id": "124932" }, { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "119960" }, { "db": "PACKETSTORM", "id": "112910" }, { "db": "PACKETSTORM", "id": "114014" }, { "db": "PACKETSTORM", "id": "123339" }, { "db": "CNNVD", "id": "CNNVD-201205-257" }, { "db": "NVD", "id": "CVE-2011-3102" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-05-16T00:00:00", "db": "VULHUB", "id": "VHN-51047" }, { "date": "2012-05-16T00:00:00", "db": "VULMON", "id": "CVE-2011-3102" }, { "date": "2012-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002426" }, { "date": "2012-05-24T02:22:30", "db": "PACKETSTORM", "id": "112989" }, { "date": "2014-01-24T01:33:33", "db": "PACKETSTORM", "id": "124932" }, { "date": "2013-04-08T20:28:39", "db": "PACKETSTORM", "id": "121130" }, { "date": "2013-02-01T03:30:19", "db": "PACKETSTORM", "id": "119960" }, { "date": "2012-05-22T00:25:14", "db": "PACKETSTORM", "id": "112910" }, { "date": "2012-06-21T15:34:44", "db": "PACKETSTORM", "id": "114014" }, { "date": "2013-09-20T20:54:13", "db": "PACKETSTORM", "id": "123339" }, { "date": "2012-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-257" }, { "date": "2012-05-16T00:55:03.683000", "db": "NVD", "id": "CVE-2011-3102" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-29T00:00:00", "db": "VULHUB", "id": "VHN-51047" }, { "date": "2017-12-29T00:00:00", "db": "VULMON", "id": "CVE-2011-3102" }, { "date": "2014-02-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002426" }, { "date": "2012-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-257" }, { "date": "2024-11-21T01:29:44.210000", "db": "NVD", "id": "CVE-2011-3102" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "121130" }, { "db": "PACKETSTORM", "id": "114014" }, { "db": "CNNVD", "id": "CNNVD-201205-257" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Google Chrome Used in libxml2 One-off error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002426" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201205-257" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.