var-201603-0206
Vulnerability from variot
The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. Apple iOS , Safari ,and tvOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities and an unspecified denial-of-service vulnerability. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause resource exhaustion; other attacks may also be possible. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. There are security vulnerabilities in the implementation of History in WebKit of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.3, Safari versions prior to 9.1, and tvOS versions prior to 9.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-3 tvOS 9.2
tvOS 9.2 is now available and addresses the following:
FontParser Available for: Apple TV (4th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
IOHIDFamily Available for: Apple TV (4th generation) Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: Apple TV (4th generation) Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1762
Security Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)
Wi-Fi Available for: Apple TV (4th generation) Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select "Settings -> General -> About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JP8AAoJEBcWfLTuOo7tR/kP/RD4JRXU2YPUzW1uW8wZp/uE v9ezAlKGUpUwjkRd2CFt7hb1AO1Eic2BSRpmElWmet+LKOmm6E1AUJWzjB/3/8rl xA/KFLamFu7avei6OZEaRwHAYzCmqE9OZT6PjJNSxNpFhcXsk3pr88Mt+L6QNsVE 2Fvx986a1Y4qlpQBREnfXfOzYKNBHBdO8t0XzjECyWzbB9mXgCx9sgj22Ia/L10M B+vDQhi55M46NgbImCNp3ix5XD+zHQabLQ/rTtMe3fkWZMa6uCdFRzEac0E7FR/h QW04J3P+nSiuTWyYddGsFpTs0SPDPhUPa7WwQwOTIOZjHjh9NMyqCediQYbO1FhE 4MqjuQg+vYHljTeAPZQydCqGoTj+sbGQqSg07oa0PVPanNaSZoJPHUnxvnmP/kWQ BL9UwECdbfjTG65mDHZ9OmDZTLLSZX5FZ03cXd+/VkELRinIO5kMyc3RMIVHlkma Vua8/5Nh7pcRUoRtw46TJn0pFih6GOyZzow4sonZoUAT/wHQRR5WSJw/aWuwhurG ErAFG/vUjyKdYDc7o8394kefn1cpl0PbBtpa2IvDcig1dzTF0iWmlhNI8TMeqPQr lNVS1pW1F8FqMCGFPmBoKaJGJckYz5QI7XCddBhxtBxwDeZS8PjmsQ01MlDe9RaL EKY5qeXLPmBhjG354Sz2 =qtHe -----END PGP SIGNATURE----- . CVE-ID CVE-2016-1762
Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue existed where the text of a dialog included page-supplied text. CVE-ID CVE-2016-1771 : Russ Cox
Safari Top Sites Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: A cookie storage issue existed in the Top Sites page. CVE-ID CVE-2016-1772 : WoofWagly
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: An issue existed in the handling of attachment URLs. CVE-ID CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. CVE-ID CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. CVE-ID CVE-2016-1785 : an anonymous researcher
WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.3"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3 (ipod touch first 5 after generation )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (os x el capitan v10.11.4)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (os x mavericks v10.9.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (os x yosemite v10.10.5)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2 (apple tv first 4 generation )"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "85062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-376"
},
{
"db": "NVD",
"id": "CVE-2016-1784"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mihai Parparita of Google and Moony Li and Jack Tang of TrendMicro",
"sources": [
{
"db": "BID",
"id": "85062"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1784",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1784",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-90603",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1784",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1784",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1784",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-376",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90603",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90603"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-376"
},
{
"db": "NVD",
"id": "CVE-2016-1784"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. Apple iOS , Safari ,and tvOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities and an unspecified denial-of-service vulnerability. \nAn attacker may exploit these issues by enticing victims into viewing a malicious webpage. \nSuccessful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause resource exhaustion; other attacks may also be possible. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. There are security vulnerabilities in the implementation of History in WebKit of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.3, Safari versions prior to 9.1, and tvOS versions prior to 9.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-3 tvOS 9.2\n\ntvOS 9.2 is now available and addresses the following:\n\nFontParser\nAvailable for: Apple TV (4th generation)\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: Apple TV (4th generation)\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIOHIDFamily\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to bypass code signing\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. This issue was addressed through improved\npermission validation. \nCVE-ID\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1762\n\nSecurity\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTrueTypeScaler\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of\n\u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\nWi-Fi\nAvailable for: Apple TV (4th generation)\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JP8AAoJEBcWfLTuOo7tR/kP/RD4JRXU2YPUzW1uW8wZp/uE\nv9ezAlKGUpUwjkRd2CFt7hb1AO1Eic2BSRpmElWmet+LKOmm6E1AUJWzjB/3/8rl\nxA/KFLamFu7avei6OZEaRwHAYzCmqE9OZT6PjJNSxNpFhcXsk3pr88Mt+L6QNsVE\n2Fvx986a1Y4qlpQBREnfXfOzYKNBHBdO8t0XzjECyWzbB9mXgCx9sgj22Ia/L10M\nB+vDQhi55M46NgbImCNp3ix5XD+zHQabLQ/rTtMe3fkWZMa6uCdFRzEac0E7FR/h\nQW04J3P+nSiuTWyYddGsFpTs0SPDPhUPa7WwQwOTIOZjHjh9NMyqCediQYbO1FhE\n4MqjuQg+vYHljTeAPZQydCqGoTj+sbGQqSg07oa0PVPanNaSZoJPHUnxvnmP/kWQ\nBL9UwECdbfjTG65mDHZ9OmDZTLLSZX5FZ03cXd+/VkELRinIO5kMyc3RMIVHlkma\nVua8/5Nh7pcRUoRtw46TJn0pFih6GOyZzow4sonZoUAT/wHQRR5WSJw/aWuwhurG\nErAFG/vUjyKdYDc7o8394kefn1cpl0PbBtpa2IvDcig1dzTF0iWmlhNI8TMeqPQr\nlNVS1pW1F8FqMCGFPmBoKaJGJckYz5QI7XCddBhxtBxwDeZS8PjmsQ01MlDe9RaL\nEKY5qeXLPmBhjG354Sz2\n=qtHe\n-----END PGP SIGNATURE-----\n. \nCVE-ID\nCVE-2016-1762\n\nSafari\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An issue existed where the text of a dialog included\npage-supplied text. \nCVE-ID\nCVE-2016-1771 : Russ Cox\n\nSafari Top Sites\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A website may be able to track sensitive user information\nDescription: A cookie storage issue existed in the Top Sites page. \nCVE-ID\nCVE-2016-1772 : WoofWagly\n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A website may be able to track sensitive user information\nDescription: An issue existed in the handling of attachment URLs. \nCVE-ID\nCVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. \nCVE-ID\nCVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. \n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a maliciously crafted website may reveal a user\u0027s\ncurrent location\nDescription: An issue existed in the parsing of geolocation\nrequests. \nCVE-ID\nCVE-2016-1785 : an anonymous researcher\n\nWebKit Page Loading\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses may have allowed a malicious website\nto display an arbitrary URL and read cached contents of the\ndestination origin. \nCVE-ID\nCVE-2016-1786 : ma.la of LINE Corporation\n\nInstallation note:\n\nSafari 9.1 may be obtained from the Mac App Store",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1784"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"db": "BID",
"id": "85062"
},
{
"db": "VULHUB",
"id": "VHN-90603"
},
{
"db": "PACKETSTORM",
"id": "136344"
},
{
"db": "PACKETSTORM",
"id": "136347"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1784",
"trust": 3.0
},
{
"db": "SECTRACK",
"id": "1035353",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001861",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-376",
"trust": 0.7
},
{
"db": "BID",
"id": "85062",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90603",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136347",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90603"
},
{
"db": "BID",
"id": "85062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"db": "PACKETSTORM",
"id": "136344"
},
{
"db": "PACKETSTORM",
"id": "136347"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-376"
},
{
"db": "NVD",
"id": "CVE-2016-1784"
}
]
},
"id": "VAR-201603-0206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90603"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:30:34.184000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-03-21-1 iOS 9.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"title": "APPLE-SA-2016-03-21-3 tvOS 9.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"title": "APPLE-SA-2016-03-21-6 Safari 9.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"title": "HT206169",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT206169"
},
{
"title": "HT206171",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT206171"
},
{
"title": "HT206166",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT206166"
},
{
"title": "HT206166",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT206166"
},
{
"title": "HT206169",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT206169"
},
{
"title": "HT206171",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT206171"
},
{
"title": "Multiple Apple product WebKit Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60697"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-376"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90603"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"db": "NVD",
"id": "CVE-2016-1784"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00005.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206166"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206169"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206171"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1035353"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1784"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1784"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.3,
"url": "http://www.webkit.org/"
},
{
"trust": 0.2,
"url": "https://gpgtools.org"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1784"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1755"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1754"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1782"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1785"
},
{
"trust": 0.1,
"url": "http://www.tencent.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2197"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90603"
},
{
"db": "BID",
"id": "85062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"db": "PACKETSTORM",
"id": "136344"
},
{
"db": "PACKETSTORM",
"id": "136347"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-376"
},
{
"db": "NVD",
"id": "CVE-2016-1784"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90603"
},
{
"db": "BID",
"id": "85062"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"db": "PACKETSTORM",
"id": "136344"
},
{
"db": "PACKETSTORM",
"id": "136347"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-376"
},
{
"db": "NVD",
"id": "CVE-2016-1784"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-24T00:00:00",
"db": "VULHUB",
"id": "VHN-90603"
},
{
"date": "2016-03-22T00:00:00",
"db": "BID",
"id": "85062"
},
{
"date": "2016-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"date": "2016-03-22T15:12:44",
"db": "PACKETSTORM",
"id": "136344"
},
{
"date": "2016-03-22T15:20:32",
"db": "PACKETSTORM",
"id": "136347"
},
{
"date": "2016-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-376"
},
{
"date": "2016-03-24T01:59:51.237000",
"db": "NVD",
"id": "CVE-2016-1784"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-90603"
},
{
"date": "2016-07-05T22:02:00",
"db": "BID",
"id": "85062"
},
{
"date": "2016-06-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001861"
},
{
"date": "2019-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-376"
},
{
"date": "2024-11-21T02:47:04.793000",
"db": "NVD",
"id": "CVE-2016-1784"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-376"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS Used in etc. WebKit Service disruption in the implementation of history (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001861"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-376"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.