Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-component-edition-community/5.2.x-SNAPSHOT/platform-component-edition-community-5.2.x-SNAPSHOT.jar
MD5: 3612c5573a3f31ad4761e75522245b96
SHA1: a4aea612eb6e7bb8b35ea98a2c426dc910a97d58
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Calendar Application
File Path: /home/ciagent/.m2/repository/org/exoplatform/calendar/calendar-webapp/5.2.x-SNAPSHOT/calendar-webapp-5.2.x-SNAPSHOT.war
MD5: 2d969b6da0d2fe73438ef3f2656f9f8b
SHA1: 6eed2fbd7b7d301a24da47e1c4cf2340847af45e
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in Java™ 2 independently of implementation.
License:
Day License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
File Path: /home/ciagent/.m2/repository/javax/jcr/jcr/1.0.1/jcr-1.0.1.jar
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
Vulnerable Software & Versions:
Description: JavaMail API (compat)
License:
http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/ciagent/.m2/repository/javax/mail/mail/1.4.7/mail-1.4.7.jar
Description: The Java Portlet API version 2.0 developed by the Java Community Process JSR-286 Expert Group.
File Path: /home/ciagent/.m2/repository/javax/portlet/portlet-api/2.0/portlet-api-2.0.jar
MD5: 0ec08593cda1df33985391919996c740
SHA1: 1cd72f2a37fcf8ab9893a9468d7ba71c85fe2653
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
An implementation of the GoF Chain of Responsibility pattern
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-chain/commons-chain/1.2/commons-chain-1.2.jar
Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1), several related specifications (RFC 2109 (Cookies), RFC 2617 (HTTP Authentication), etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
Description:
A Java library for reading and writing iCalendar (*.ics) files
License:
iCal4j - License: LICENSE
File Path: /home/ciagent/.m2/repository/ical4j/ical4j/1.0-beta5/ical4j-1.0-beta5.jar
Description: WebDAV library used by the Jackrabbit WebDAV support
File Path: /home/ciagent/.m2/repository/org/apache/jackrabbit/jackrabbit-webdav/1.6.5/jackrabbit-webdav-1.6.5.jar
MD5: 1d573cf67bcff173d91dd1d194334b66
SHA1: 5afbee7ce7bcf1c47d7e54e24afcd533cb6776ae
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
Vulnerable Software & Versions:
Description:
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar
Description: Implementation of Command Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.command/5.2.x-SNAPSHOT/exo.kernel.component.command-5.2.x-SNAPSHOT.jar
MD5: 679d570afd4a961d065f0dc8414da51c
SHA1: 6fe89cf56ffc0662c4accbfc60f54346621b5744
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources,
including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar
Description: Enterprise Job Scheduler
License:
http://www.apache.org/licenses/LICENSE-2.0.txt Apache Software License, Version 2.0
File Path: /home/ciagent/.m2/repository/org/quartz-scheduler/quartz/2.2.2/quartz-2.2.2.jar
Description: eXo Calendar Service
File Path: /home/ciagent/.m2/repository/org/exoplatform/calendar/calendar-service/5.2.x-SNAPSHOT/calendar-service-5.2.x-SNAPSHOT.jar
MD5: 3fcf9fef83d1686bce1ebdffc073e476
SHA1: a56a2e0bf70ad9e0428cd9ac85527765a1a37c77
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: JSR-250 Reference Implementation by Glassfish
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/ciagent/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
Description: Core Jackson abstractions, basic JSON streaming API implementation
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.4.2/jackson-core-2.4.2.jar
Description: Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.4.0/jackson-annotations-2.4.0.jar
Description: Stax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/org/codehaus/woodstox/stax2-api/3.1.4/stax2-api-3.1.4.jar
Description: Data format extension for Jackson (http://jackson.codehaus.org) to offer
alternative support for serializing POJOs as XML and deserializing XML as pojos.
Support implemented on top of Stax API (javax.xml.stream), by implementing core Jackson Streaming API types like JsonGenerator, JsonParser and JsonFactory.
Some data-binding types overridden as well (ObjectMapper sub-classed as XmlMapper).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-xml/2.4.2/jackson-dataformat-xml-2.4.2.jar
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-918 Server-Side Request Forgery (SSRF)
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
FasterXML Jackson before version 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in jackson-databind that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-918 Server-Side Request Forgery (SSRF)
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Vulnerable Software & Versions:
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-annotations/1.5.0/swagger-annotations-1.5.0.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-models/1.5.0/swagger-models-1.5.0.jar
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-core/1.5.0/swagger-core-1.5.0.jar
MD5: abc2015d9e823cb96abfa7e2937b43fb
SHA1: 09d5cfb8188ac316bad3a7b38c46bac0568c60e4
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Annotation supports the FindBugs tool
License:
GNU Lesser Public License: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/com/google/code/findbugs/annotations/2.0.1/annotations-2.0.1.jar
Description: Reflections - a Java runtime metadata analysis
License:
WTFPL: http://www.wtfpl.net/ The New BSD License: http://www.opensource.org/licenses/bsd-license.html
File Path: /home/ciagent/.m2/repository/org/reflections/reflections/0.9.9/reflections-0.9.9.jar
File Path: /home/ciagent/.m2/repository/io/swagger/swagger-jaxrs/1.5.0/swagger-jaxrs-1.5.0.jar
MD5: a09d96c899411ac57a479c6635829600
SHA1: 04a77f3f95bfec3073d9d20660c16f54886dfc9f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Calendar Webservice
File Path: /home/ciagent/.m2/repository/org/exoplatform/calendar/calendar-webservice/5.2.x-SNAPSHOT/calendar-webservice-5.2.x-SNAPSHOT.jar
MD5: 2079bbe034171b2a54f0f7af96125b09
SHA1: 06f3c5bd67fe6ba13389f221c0e9275399b24f53
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Implementation of Commons Utils for Exoplatform SAS 'Web Services' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.commons/5.2.x-SNAPSHOT/exo.ws.commons-5.2.x-SNAPSHOT.jar
MD5: befd1603c9c8c9945d5e2c42ff65a54e
SHA1: e73c108c3ef3a8f7fbe8dbe74adc4e0c25cf0258
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/bayeux-api/3.0.8/bayeux-api-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-common/3.0.8/cometd-java-common-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-server/3.0.8/cometd-java-websocket-javax-server-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-server/3.0.8/cometd-java-websocket-common-server-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-annotations/3.0.8/cometd-java-annotations-3.0.8.jar
Description: Administrative parent pom for Jetty modules
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-io/9.2.14.v20151106/jetty-io-9.2.14.v20151106.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-client/3.0.8/cometd-java-client-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-common-client/3.0.8/cometd-java-websocket-common-client-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-websocket-javax-client/3.0.8/cometd-java-websocket-javax-client-3.0.8.jar
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-oort/3.0.8/cometd-java-oort-3.0.8.jar
Description: JMX management artifact for jetty.
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/org/eclipse/jetty/jetty-jmx/9.2.14.v20151106/jetty-jmx-9.2.14.v20151106.jar
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
Description: The CometD project is a scalable web messaging bus that uses WebSocket and HTTP AJAX push technology patterns known as "Comet" techniques
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.opensource.org/licenses/bsd-license.html, http://opensource-definition.org/licenses/afl-2.1.html
File Path: /home/ciagent/.m2/repository/org/cometd/java/cometd-java-server/3.0.8/cometd-java-server-3.0.8.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-comet-service/5.2.x-SNAPSHOT/commons-comet-service-5.2.x-SNAPSHOT.jar
MD5: d0b2c2bf5bbcfe3001f96d1834e99e99
SHA1: cb4507f7fa99e6b3f2ff4f7406afce9dac0b8e71
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-webui-ext/5.2.x-SNAPSHOT/commons-webui-ext-5.2.x-SNAPSHOT.jar
MD5: d97cd2e8e149cd517143dba5644b75f6
SHA1: 66c1047859bd8c28e5fca6b04fbbc65949e833fa
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Chromattic Framework Core
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.core/1.3.0/chromattic.core-1.3.0.jar
MD5: 9ece56be0e1e1b3289bbe177e8e1b4ab
SHA1: 1bc4ebc89d7b47af394b920f44a0b51409343034
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The runtime needed to execute a program using AspectJ
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/ciagent/.m2/repository/org/aspectj/aspectjrt/1.8.8/aspectjrt-1.8.8.jar
File Path: /home/ciagent/.m2/repository/com/googlecode/owasp-java-html-sanitizer/owasp-java-html-sanitizer/20160413.1/owasp-java-html-sanitizer-20160413.1.jar
MD5: f2dbfedbd7bea844cedc1fc1e95fca80
SHA1: 61780b5d65c39013d733b70b2d2968f72f83aa0a
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/suigeneris/jrcs.diff/0.4.2/jrcs.diff-0.4.2.jar
MD5: a05e71b59b7099da7844fd3b5f38e299
SHA1: 6e8eea2281426cd791a64b348c0932c88b966f39
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/ecs/ecs/1.4.2/ecs-1.4.2.jar
MD5: 62d53be190ca9cbfe01bec9fc3396934
SHA1: f9bc5fdde56d60876c1785087ce2a301b4e4a676
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/liquibase/liquibase-core/3.4.2/liquibase-core-3.4.2.jar
MD5: d4ad6d5f7958b69b8fbd01a5564ae45b
SHA1: c91ccf342466857251cf6795b0cecc42509206f2
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: dom4j: the flexible XML framework for Java
File Path: /home/ciagent/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)
dom4j prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Vulnerable Software & Versions:
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html Apache License 2.0: http://www.apache.org/licenses/
File Path: /home/ciagent/.m2/repository/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
Description:
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
License:
license.txt
File Path: /home/ciagent/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar
Description: A module of the Hibernate O/RM project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-entitymanager/4.2.21.Final/hibernate-entitymanager-4.2.21.Final.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-common/5.2.x-SNAPSHOT/commons-component-common-5.2.x-SNAPSHOT.jar
MD5: 061045f18116fe5b9bbec6173042bfee
SHA1: 9b9c6b1b8f2eb5752ea4740e6ce558b0fc3686fc
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: /home/ciagent/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
Description: A module of the Hibernate O/RM project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-core/4.2.21.Final/hibernate-core-4.2.21.Final.jar
File Path: /home/ciagent/.m2/repository/jakarta-regexp/jakarta-regexp/1.4/jakarta-regexp-1.4.jar
MD5: 5d8b8c601c21b37aa6142d38f45c0297
SHA1: 0ea514a179ac1dd7e81c7e6594468b9b9910d298
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: XML Pull parser library developed by Extreme Computing Lab, Indiana University
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ogce/xpp3/1.1.6/xpp3-1.1.6.jar
Description: API of Organization Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.organization.api/5.2.x-SNAPSHOT/exo.core.component.organization.api-5.2.x-SNAPSHOT.jar
MD5: 13f1d72dcd506f059195c04882e17ea0
SHA1: 2d6cb689b999ada402123f4c06ee6c621799f1d0
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Implementation of 'eXo Security' component of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.security.core/5.2.x-SNAPSHOT/exo.core.component.security.core-5.2.x-SNAPSHOT.jar
MD5: af1ee2d7cc48d42a0d6f61127b6208d3
SHA1: 7bbe8037e634a5fd08b18ea4485e4b601f3db628
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Apache Lucene Java Core
File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-core/3.6.2/lucene-core-3.6.2.jar
MD5: ee396d04f5a35557b424025f5382c815
SHA1: 9ec77e2507f9cc01756964c71d91efd8154a8c47
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Additional Analyzers
File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-analyzers/3.6.2/lucene-analyzers-3.6.2.jar
MD5: 13f8241b6991bd1349c05369a7c0f002
SHA1: 3a083510dcb0d0fc67f8456cdac6f48aa0da2993
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Spell Checker
File Path: /home/ciagent/.m2/repository/org/apache/lucene/lucene-spellchecker/3.6.2/lucene-spellchecker-3.6.2.jar
MD5: a4b684913f93aea76f5dbd7e479f19c5
SHA1: 15db0c0cfee44e275f15ad046e46b9a05910ad24
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.
File Path: /home/ciagent/.m2/repository/javax/transaction/jta/1.1/jta-1.1.jar
MD5: 82a10ce714f411b28f13850059de09ee
SHA1: 2ca09f0b36ca7d71b762e14ea2ff09d5eac57558
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
License:
Public domain, Sun Microsoystems: >http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.htmlFile Path: /home/ciagent/.m2/repository/concurrent/concurrent/1.3.4/concurrent-1.3.4.jar
Description: Types that extend and augment the Java Collections Framework.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /home/ciagent/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
Description:
Reliable cluster communication toolkit
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.htmlFile Path: /home/ciagent/.m2/repository/org/jgroups/jgroups/3.6.13.Final/jgroups-3.6.13.Final.jar
Description: JBossTS - JBoss Transaction Service. JTA, JTS and XTS (WS-AT, WS-BA)
License:
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/jboss/jbossts/jbossjta/4.16.6.Final/jbossjta-4.16.6.Final.jar
Description: This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/ws/commons/ws-commons-util/1.0.1/ws-commons-util-1.0.1.jar
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
Vulnerable Software & Versions:
Description: JBoss Common Core Utility classes
File Path: /home/ciagent/.m2/repository/org/jboss/jboss-common-core/2.2.22.GA/jboss-common-core-2.2.22.GA.jar
MD5: 8c415e1467075a90045a7b0fd19886a3
SHA1: ae1a22412d879c4ac48e35cf00f438bb263d41c3
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: StringTemplate is a java template engine for generating source code,
web pages, emails, or any other formatted text output.
StringTemplate is particularly good at multi-targeted code generators,
multiple site skins, and internationalization/localization.
It evolved over years of effort developing jGuru.com.
StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org
and powers the ANTLR v3 code generator. Its distinguishing characteristic
is that unlike other engines, it strictly enforces model-view separation.
Strict separation makes websites and code generators more flexible
and maintainable; it also provides an excellent defense against malicious
template authors.
There are currently about 600 StringTemplate source downloads a month.
License:
BSD licence: http://antlr.org/license.html
File Path: /home/ciagent/.m2/repository/org/antlr/stringtemplate/3.2.1/stringtemplate-3.2.1.jar
Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
File Path: /home/ciagent/.m2/repository/org/antlr/antlr-runtime/3.5/antlr-runtime-3.5.jar
MD5: aa6d7c8b425df59f5f5bc98c58cfd9fc
SHA1: 0baa82bff19059401e90e1b90020beb9c96305d7
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Infinispan Implementation of Cache Service for Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.ext.cache.impl.infinispan.v8/5.2.x-SNAPSHOT/exo.kernel.component.ext.cache.impl.infinispan.v8-5.2.x-SNAPSHOT.jar
MD5: 592574c93cc71eee7dd32d53f21f47bd
SHA1: a1c34ba81626e776f35d1b62d780fe951041fe0d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Vulnerable Software & Versions:
Description: JBoss Marshalling OSGi Bundle with API and implementations
License:
http://repository.jboss.org/licenses/cc0-1.0.txt
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar
Description: Infinispan core module
License:
http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/org/infinispan/infinispan-core/8.2.6.Final/infinispan-core-8.2.6.Final.jar
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Vulnerable Software & Versions:
Description: Implementation of Core Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.core/5.2.x-SNAPSHOT/exo.jcr.component.core-5.2.x-SNAPSHOT.jar
MD5: a1ea82b332ca9d14e2107b1319cb02ad
SHA1: c553be8be54a1cf3241640a831e5fd8a40f447af
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: mime-util is a simple to use, small, light weight and fast open source java utility library that can detect
MIME types from files, input streams, URL's and byte arrays.
Due to the use of regular expressions and the java.nio packages it requires at least Java 1.4.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/eu/medsea/mimeutil/mime-util/2.1.3/mime-util-2.1.3.jar
Description: Implementation of Commons Utils of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.commons/5.2.x-SNAPSHOT/exo.kernel.commons-5.2.x-SNAPSHOT.jar
MD5: 32f3e3030115ff5f49339f43cbf27eae
SHA1: c0ea42d7a974d853aaf2ed2124e90c84431dc2ae
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Commons Database Connection Pooling
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
Description: Commons Object Pooling Library
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
Description: Implementation of Common Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.common/5.2.x-SNAPSHOT/exo.kernel.component.common-5.2.x-SNAPSHOT.jar
MD5: 374e56484bca46022c99f4bcf6b0eda9
SHA1: 1936e7088adc64a444f987a3954362c46fb8fcfc
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerable Software & Versions:
Description: JiBX runtime code
License:
http://jibx.sourceforge.net/jibx-license.html
File Path: /home/ciagent/.m2/repository/org/jibx/jibx-run/1.2.6/jibx-run-1.2.6.jar
Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/javax/enterprise/cdi-api/1.0-SP4/cdi-api-1.0-SP4.jar
Description: Implementation of Container for Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.container/5.2.x-SNAPSHOT/exo.kernel.container-5.2.x-SNAPSHOT.jar
MD5: 08b5875655d3b9b61dea9bf5723988a9
SHA1: a1de9405ed33efea83d23e1c3119997978803814
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.webui.core/5.2.x-SNAPSHOT/exo.portal.webui.core-5.2.x-SNAPSHOT.jar
MD5: 1c0497ce1fd439e375fda7f1ed9899d5
SHA1: 6a496fc2801cb84f38d2793500a214ad741ea2d7
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php.
Vulnerable Software & Versions:
Description:
International Component for Unicode for Java (ICU4J) is a mature, widely used Java library
providing Unicode and Globalization support
License:
ICU License: http://source.icu-project.org/repos/icu/icu/trunk/license.html
File Path: /home/ciagent/.m2/repository/com/ibm/icu/icu4j/56.1/icu4j-56.1.jar
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-415 Double Free
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-787 Out-of-bounds Write
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-787 Out-of-bounds Write
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/org/gatein/common/common-logging/2.2.2.Final/common-logging-2.2.2.Final.jar
MD5: 28b7108ee63899bca08636d360e7df11
SHA1: aee18008518671fb10982c0fe5f7383e98f71c47
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Social Core Component: People and Space
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-core/5.2.x-SNAPSHOT/social-component-core-5.2.x-SNAPSHOT.jar
MD5: 74e5b1963353f51745de0a271f806bcc
SHA1: 9518c78207fbe306eb629a72bdb491c3c74adea5
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Social Common Component
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-common/5.2.x-SNAPSHOT/social-component-common-5.2.x-SNAPSHOT.jar
MD5: 465cc9a18bd46e27cf48939b94204e32
SHA1: 60946ca8c8c2a249e9f7406d716bf0a9e8483e33
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/staxnav/staxnav.core/0.9.8/staxnav.core-0.9.8.jar
MD5: 0f786e5be21df9fbe8753175564564c7
SHA1: 27bd12d4d74b0851e38de79f8299462d93ba3d7f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-federation/5.2.x-SNAPSHOT/pc-federation-5.2.x-SNAPSHOT.jar
MD5: 6c6a1e7d40c69b6b7d5c82224490974a
SHA1: 6117d36bae8919beeb35bcfefe453312aa6084bd
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-bridge/5.2.x-SNAPSHOT/pc-bridge-5.2.x-SNAPSHOT.jar
MD5: c107045882dc1240aff267b19812216e
SHA1: 9dafa214f5fa281c6b3053afb27fe0eb9c90f018
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: PicketLink IDM IMPL contains the implementation of the API and the Identity Model.
License:
lgpl: http://repository.jboss.com/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/org/picketlink/idm/picketlink-idm-core/1.4.6.Final/picketlink-idm-core-1.4.6.Final.jar
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-17 Code
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
Vulnerable Software & Versions:
Description: API of the Object Model for Portal
File Path: /home/ciagent/.m2/repository/org/gatein/mop/mop-api/1.3.2.Final/mop-api-1.3.2.Final.jar
MD5: 4f2c10678f3c5850bb85c25514469e2e
SHA1: 78f9c03a23ec1c3564e827d3927ce53eca6d919d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: SPI of the Object Model for Portal
File Path: /home/ciagent/.m2/repository/org/gatein/mop/mop-spi/1.3.2.Final/mop-spi-1.3.2.Final.jar
MD5: 6ef18d761e625d923ec01c6e5283026e
SHA1: 4fe3a673d58c85d2f6c9ad4446b90229f46c8987
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Model Object for Portal Core
File Path: /home/ciagent/.m2/repository/org/gatein/mop/mop-core/1.3.2.Final/mop-core-1.3.2.Final.jar
MD5: 7d5eb7a5c2ed2d88362f9d8a9413a475
SHA1: d27e4c960aefd919f7c25049b72a9bc225cd6548
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gatein/management/gatein-management-spi/2.1.0.Final/gatein-management-spi-2.1.0.Final.jar
MD5: 4e10565858662ec9eea75cfbd3544ba1
SHA1: 79670b2dd849b49e145b7122cbff4ef83116157f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/args4j/args4j/2.0.16/args4j-2.0.16.jar
MD5: 6571d69d142dd2a003c4ffae6138f0ee
SHA1: 9f00fb12820743b9e05c686eba543d64dd43f2b1
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
Closure Compiler is a JavaScript optimizing compiler. It parses your
JavaScript, analyzes it, removes dead code and rewrites and minimizes
what's left. It also checks syntax, variable references, and types, and
warns about common JavaScript pitfalls. It is used in many of Google's
JavaScript apps, including Gmail, Google Web Search, Google Maps, and
Google Docs.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/com/google/javascript/closure-compiler/v20131014/closure-compiler-v20131014.jar
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Vulnerable Software & Versions:
Description: A collection of image processing filters.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/com/jhlabs/filters/2.0.235/filters-2.0.235.jar
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/org/gatein/captcha/simplecaptcha/1.1.1.Final-gatein-4/simplecaptcha-1.1.1.Final-gatein-4.jar
MD5: a8b83c67e6fd04cd02d8ebcfd47348c1
SHA1: 964c53fedc87745494c5f8f2cd62b2548dbdeff5
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gatein/api/gatein-api/1.0.1.Final/gatein-api-1.0.1.Final.jar
MD5: 04d51eb4e2734df16f83e514b7110000
SHA1: b67727b03994e6081e2e411804c25bd5d0d919a6
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-wci/5.2.x-SNAPSHOT/wci-wci-5.2.x-SNAPSHOT.jar
MD5: 9be7f8aea19a80a647423fa43a36c72b
SHA1: 7c6923487afec73cb54ed4e7cca915b5f8cba968
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
(0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
a set of parsers and generators for the various flavors of feeds, as well as converters
to convert from one format to another. The parsers can give you back Java objects that
are either specific for the format you want to work with, or a generic normalized
SyndFeed object that lets you work on with the data without bothering about the
underlying format.
File Path: /home/ciagent/.m2/repository/rome/rome/1.0/rome-1.0.jar
MD5: 53d38c030287b939f4e6d745ba1269a7
SHA1: 022b33347f315833e9348cec2751af1a5d5656e4
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/calendar/calendar-common/5.2.x-SNAPSHOT/calendar-common-5.2.x-SNAPSHOT.jar
MD5: 58a7e1a371d866d8b5fbac48640a07c0
SHA1: f17c967760c96b115aee5d6a9aa0d3ab9a63a645
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-comet-webapp/5.2.x-SNAPSHOT/commons-comet-webapp-5.2.x-SNAPSHOT.war
MD5: 95509e1805c8474f1978e8d851238679
SHA1: 8efd5d27f55a0defd097f542c5e3d0a89c357c2c
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-extension-webapp/5.2.x-SNAPSHOT/commons-extension-webapp-5.2.x-SNAPSHOT.war
MD5: ee1f4d75c09905de29051956abfc9416
SHA1: d85ffc1306867c4cc75309444a3e16373971dc90
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be
used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the
document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.
License:
Java HTML Tidy License: http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95
File Path: /home/ciagent/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar
Description: Implementation of XML Processing Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.xml-processing/5.2.x-SNAPSHOT/exo.core.component.xml-processing-5.2.x-SNAPSHOT.jar
MD5: 930cf862726c279a9d9c7e13812216a6
SHA1: c33b24f9224ec3f9cd45c3061a1c1afb05045573
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Implementation of Extension Service of Exoplatform SAS 'eXo JCR' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.ext/5.2.x-SNAPSHOT/exo.jcr.component.ext-5.2.x-SNAPSHOT.jar
MD5: a9a13263e325022c9fd3637e4448f100
SHA1: de0c8d7c3d4e309d3ce165cbbfd80ded695139e7
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo DMS Portlet Java Content: ECM Admin
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-apps-portlet-administration/5.2.x-SNAPSHOT/ecms-apps-portlet-administration-5.2.x-SNAPSHOT.war
MD5: 1b707c8b24669f445fd35e582a563259
SHA1: e15d6b3ca6afb9baff549439289149cab548d18d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo DMS webui extension
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-webui/5.2.x-SNAPSHOT/ecms-core-webui-5.2.x-SNAPSHOT.jar
MD5: 2d60893a3b79aa52c829e1474c61257f
SHA1: 704ce4eabc09f10597e212cf7578c29acae04a89
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-apps-portlet-presentation/5.2.x-SNAPSHOT/ecms-apps-portlet-presentation-5.2.x-SNAPSHOT.war
MD5: 793d8c94eaa2a65b5ef5141e4b419195
SHA1: e1ab20e04ab7773d9af02328bacacb6e0fae37ec
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Implementation of Webdav Service of Exoplatform SAS 'eXo JCR' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.component.webdav/5.2.x-SNAPSHOT/exo.jcr.component.webdav-5.2.x-SNAPSHOT.jar
MD5: f4617b449d918c3845d2e891aaf6840b
SHA1: bdf4f1bf7c3f0ee98f0a6601544469316f24e06a
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Publication Service
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-publication/5.2.x-SNAPSHOT/ecms-core-publication-5.2.x-SNAPSHOT.jar
MD5: 1489b9fd861af46c1ba6ade758aa58ae
SHA1: c4708f7e3ca5e061bf3c119d69052a09a7e0e8f2
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-search/5.2.x-SNAPSHOT/ecms-core-search-5.2.x-SNAPSHOT.jar
MD5: 638e64e9bd38bd859deeb165ff37bca6
SHA1: a5cd29bb5c0e65c348591b4eaefb8dd7d674c0a2
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: A ROME Plug In that supports the Apple iTunes extensions to RSS 2.0 for podcasting
File Path: /home/ciagent/.m2/repository/com/totsp/feedpod/itunes-com-podcast/0.2/itunes-com-podcast-0.2.jar
MD5: 1a9da03053fb0e8d05b6268300f41fea
SHA1: cd1afe7a55b92769f6b1594540230c1b591fe480
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
Medium
CVSS Score: 5.1
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.6
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
Severity:
Medium
CVSS Score: 6.9
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
Severity:
Medium
CVSS Score: 6.9
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
Medium
CVSS Score: 6.1
(AV:A/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Severity:
High
CVSS Score: 7.6
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
High
CVSS Score: 8.3
(AV:N/AC:M/Au:N/C:P/I:P/A:C)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Severity:
Medium
CVSS Score: 4.3
(AV:A/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-310 Cryptographic Issues
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
Severity:
Medium
CVSS Score: 4.4
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-416 Use After Free
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Severity:
Medium
CVSS Score: 5.4
(AV:A/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-399 Resource Management Errors
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.
Severity:
High
CVSS Score: 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-17 Code
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:P/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
CWE: CWE-310 Cryptographic Issues
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-416 Use After Free
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-125 Out-of-bounds Read
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-125 Out-of-bounds Read
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-284 Improper Access Control
An issue was discovered in certain Apple products. iTunes before 12.6.2 on Windows is affected. The issue involves the "iTunes" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CFNetwork Session" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Security" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.1
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-416 Use After Free
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-129 Improper Validation of Array Index
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-125 Out-of-bounds Read
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-19 Data Handling
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-704 Incorrect Type Conversion or Cast
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-254 Security Features
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
Vulnerable Software & Versions:
Description: The core of Java UNO.
License:
GNU Lesser General Public License, Version 3: http://www.openoffice.org/license.html
File Path: /home/ciagent/.m2/repository/org/openoffice/jurt/3.2.1/jurt-3.2.1.jar
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.
Vulnerable Software & Versions:
Description: Allows the bootstrapping of a ServiceManager and gives access to the native component loader.
License:
GNU Lesser General Public License, Version 3: http://www.openoffice.org/license.html
File Path: /home/ciagent/.m2/repository/org/openoffice/juh/3.2.1/juh-3.2.1.jar
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.
Vulnerable Software & Versions:
Description: The type library and the precompiled Java interfaces of the UDK API.
License:
GNU Lesser General Public License, Version 3: http://www.openoffice.org/license.html
File Path: /home/ciagent/.m2/repository/org/openoffice/ridl/3.2.1/ridl-3.2.1.jar
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.
Vulnerable Software & Versions:
Description: The precompiled Java interfaces of the OOo API.
License:
GNU Lesser General Public License, Version 3: http://www.openoffice.org/license.html
File Path: /home/ciagent/.m2/repository/org/openoffice/unoil/3.2.1/unoil-3.2.1.jar
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.
Vulnerable Software & Versions:
Description:
JODConverter converts office documents using OpenOffice.org
License:
GNU Lesser General Public License, Version 3 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/org/artofsolving/jodconverter/jodconverter-core/3.0-eXo03/jodconverter-core-3.0-eXo03.jar
Description: Groovy: A powerful, dynamic language for the JVM
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/codehaus/groovy/groovy-all/2.4.12/groovy-all-2.4.12.jar
Description: The Java Advanced Imaging API extends the Java 2 platform by allowing
sophisticated, high-performance image processing to be incorporated into Java applets
and applications. It is a set of classes providing imaging functionality beyond that of
Java 2D and the Java Foundation classes, though it is designed for compatibility with
those APIs. This API implements a set of core image processing capabilities including
image tiling, regions of interest, deferred execution and a set of core image processing
operators, including many common point, area, and frequency domain operators.
License:
Sun Microsystems, Inc. Binary Code License Agreement :
http://java.sun.com/products/java-media/jai/downloads/download-1_1_2_01.html
File Path: /home/ciagent/.m2/repository/javax/media/jai-core/1.1.3/jai-core-1.1.3.jar
Description: Java Advanced Imaging Codecs supporting BMP, GIF (read only),
FlashPix (read only), JPEG, PNG, PNM, TIFF, and WBMP.
License:
Sun Microsystems, Inc. Binary Code License Agreement :
http://java.sun.com/products/java-media/jai/downloads/download-1_1_2_01.html
File Path: /home/ciagent/.m2/repository/com/sun/media/jai-codec/1.1.3/jai-codec-1.1.3.jar
Description: ICEpdf core rendering library.
File Path: /home/ciagent/.m2/repository/org/icepdf/os/icepdf-core/5.1.1/icepdf-core-5.1.1.jar
MD5: 049fc6292cd8378b3974bff95d580b5f
SHA1: a677b063a38bfa801e7969ee0d3f2dcedb527760
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: imgscalr is a simple and efficient best-practices image-scaling and manipulation library implemented in pure Java.
License:
ASF 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/imgscalr/imgscalr-lib/4.2/imgscalr-lib-4.2.jar
Description:
A complete, Java-based solution for accessing, manipulating,
and outputting XML data
License:
Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/jdom/jdom/1.1.3/jdom-1.1.3.jar
Description: eXo CMS Service
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-services/5.2.x-SNAPSHOT/ecms-core-services-5.2.x-SNAPSHOT.jar
MD5: 192ec07ff03aced7dc6320768b0649be
SHA1: 352f42e576517a5a91a11fc3dba100181f70d4ef
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-webui-presentation/5.2.x-SNAPSHOT/ecms-core-webui-presentation-5.2.x-SNAPSHOT.jar
MD5: 899ec47f2c4d73ded574ee8434e2342a
SHA1: 65e63484ca80648cf78bf761f05d7cfa4ca70560
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-ext-authoring-services/5.2.x-SNAPSHOT/ecms-ext-authoring-services-5.2.x-SNAPSHOT.jar
MD5: 86dab7741878806524d957d760fb1ce4
SHA1: 1444fbf9383ae2f078ebd9b1e2c16d20f35488ce
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format.
It is easy for humans to read and write. It is easy for machines to parse and generate.
It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition
- December 1999. JSON is a text format that is completely language independent but uses
conventions that are familiar to programmers of the C-family of languages, including C, C++, C#,
Java, JavaScript, Perl, Python, and many others.
These properties make JSON an ideal data-interchange language.
File Path: /home/ciagent/.m2/repository/org/json/json/20070829/json-20070829.jar
MD5: 4a913140f9099519dfc0212fa5d9a457
SHA1: 89190ff77b57203c3417555f32226998da97ff38
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-apps-portlet-seo/5.2.x-SNAPSHOT/ecms-apps-portlet-seo-5.2.x-SNAPSHOT.war
MD5: 3037bf3ff7a3bd148d9dc6efcf920aac
SHA1: ff81a0b72f976193b54788bb1f943538dadcf20c
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-apps-resources-wcm/5.2.x-SNAPSHOT/ecms-apps-resources-wcm-5.2.x-SNAPSHOT.war
MD5: ebec45cdd795f988ce230a1862f7e2fa
SHA1: 8c83a807539bf106deedba54aeb3add6038aa95c
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo WCM Core Services Configuration WAR
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-webapp/5.2.x-SNAPSHOT/ecms-core-webapp-5.2.x-SNAPSHOT.war
MD5: e073d68dff0a030dd2ab30abb03b22f2
SHA1: fd83678982d8ad61824d43ede7831135a3debb28
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-upgrade/5.2.x-SNAPSHOT/commons-component-upgrade-5.2.x-SNAPSHOT.jar
MD5: 953ec1951d9e9c38944d0c9db39762f2
SHA1: f57f0ffd12acc973a7cb7a13aba3faebd4e737cd
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: A simple Java toolkit for JSON
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/googlecode/json-simple/json-simple/1.1.1/json-simple-1.1.1.jar
Description:
The Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar
Description: eXo ECMS REST Services
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-connector/5.2.x-SNAPSHOT/ecms-core-connector-5.2.x-SNAPSHOT.jar
MD5: 0d18bc26ac79b91afb6eea3e5ebd5372
SHA1: edbbb58eb447c5877ce46b51255a055947beeeca
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Explorer Portlet Java Content: File Explorer
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-webui-explorer/5.2.x-SNAPSHOT/ecms-core-webui-explorer-5.2.x-SNAPSHOT.jar
MD5: f824cbbce7724c87c689e338ebc74dbc
SHA1: 89a37ae956a6ceb2da7cef2501544901e1dde4ec
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Implementation of Cache Service of Exoplatform SAS 'eXo Kernel' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/kernel/exo.kernel.component.cache/5.2.x-SNAPSHOT/exo.kernel.component.cache-5.2.x-SNAPSHOT.jar
MD5: 3bb0ccb832ec5af6e2dd882b87395a3b
SHA1: db9bfdcf12fc9bb7edfe36f619897f2fd263dfe2
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-ext-authoring-apps/5.2.x-SNAPSHOT/ecms-ext-authoring-apps-5.2.x-SNAPSHOT.war
MD5: fe18cbc3e96e96d1bf37cbfd45391ec3
SHA1: fe056a4cd6bbb20d84f1abc34b53ba31de4eb9d4
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Fast Content Creator webui component
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-webui-fcc/5.2.x-SNAPSHOT/ecms-core-webui-fcc-5.2.x-SNAPSHOT.jar
MD5: 635bdb8111cf739b4da0baf2a885a07a
SHA1: d6160be4692218d770ed1fc0d13b984c224258d8
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo WCM Extension WAR's configuration
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-packaging-wcm-webapp/5.2.x-SNAPSHOT/ecms-packaging-wcm-webapp-5.2.x-SNAPSHOT.war
MD5: 00d259978b7d91dca2317e1579a28d65
SHA1: a9a871cf1b652d4cb399933a8cb8a7258533a4cc
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Exoplatform SAS 'eXo JCR Ext Services' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/exo-jcr-services/5.2.x-SNAPSHOT/exo-jcr-services-5.2.x-SNAPSHOT.jar
MD5: c564aac01052150940b1ea1d64d72399
SHA1: bae5f41d49493aa00456747fcde8d21b2a3fc3c7
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
The Apache FontBox library is an open source Java tool to obtain low level information
from font files. FontBox is a subproject of Apache PDFBox.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/fontbox/1.8.14/fontbox-1.8.14.jar
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
Vulnerable Software & Versions:
Description:
The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM)
specification. JempBox is a subproject of Apache PDFBox.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/jempbox/1.8.14/jempbox-1.8.14.jar
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
Vulnerable Software & Versions:
Description:
The Apache PDFBox library is an open source Java tool for working with PDF documents.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/pdfbox/pdfbox/1.8.14/pdfbox-1.8.14.jar
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
Vulnerable Software & Versions:
Description: HTML Lexer is the low level lexical analyzer.
File Path: /home/ciagent/.m2/repository/org/htmlparser/htmllexer/2.1/htmllexer-2.1.jar
MD5: 1cb7184766a0c52f4d98d671bb08be19
SHA1: 2ebf2c073e649b7e674cddd0558ff102a486402f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: HTML Parser is the high level syntactical analyzer.
File Path: /home/ciagent/.m2/repository/org/htmlparser/htmlparser/2.1/htmlparser-2.1.jar
MD5: aa05b921026c228f92ef8b4a13c26f8d
SHA1: c752e5984b7767533cbd3fdffa48cecb52fa226c
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Apache POI - Java API To Access Microsoft Format Files
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/poi/poi/3.13/poi-3.13.jar
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.1
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Vulnerable Software & Versions:
Description: This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tika/tika-core/1.5/tika-core-1.5.jar
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-core/0.1/vorbis-java-core-0.1-tests.jar
MD5: d58f076c08a917277d03f3417aa867a6
SHA1: c849979e199d8a7c3da1a00799c623c00f94efac
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-tika/0.1/vorbis-java-tika-0.1.jar
MD5: 1fccc6796a0924ba4f32eb1d44b8616b
SHA1: 6966c8663a7f689021accb13cceaa6101f53ea3d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.
Vulnerable Software & Versions:
Description: The NetCDF-Java Library is a Java interface to NetCDF files,
as well as to many other types of scientific data formats.
License:
(MIT-style) netCDF C library license.: http://www.unidata.ucar.edu/software/netcdf/copyright.html
File Path: /home/ciagent/.m2/repository/edu/ucar/netcdf/4.2-min/netcdf-4.2-min.jar
Description: Java stream based MIME message parser
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/james/apache-mime4j-core/0.7.2/apache-mime4j-core-0.7.2.jar
Description: XZ data compression
License:
Public Domain
File Path: /home/ciagent/.m2/repository/org/tukaani/xz/1.2/xz-1.2.jar
Severity:
Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.
Vulnerable Software & Versions:
Description:
Apache Commons Compress software defines an API for working with compression and archive formats.
These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/commons/commons-compress/1.5/commons-compress-1.5.jar
Description: TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/ccil/cowan/tagsoup/tagsoup/1.2.1/tagsoup-1.2.1.jar
File Path: /home/ciagent/.m2/repository/org/ow2/asm/asm-debug-all/4.1/asm-debug-all-4.1.jar
MD5: 6c3a8842f484dd3d620002b361e3610e
SHA1: dd6ba5c392d4102458494e29f54f70ac534ec2a2
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/googlecode/mp4parser/isoparser/1.0-RC-1/isoparser-1.0-RC-1.jar
Severity:
Low
CVSS Score: 2.1
(AV:N/AC:H/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.
Vulnerable Software & Versions:
Description:
The XMP Library for Java is based on the C++ XMPCore library
and the API is similar.
License:
The BSD License: http://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html
File Path: /home/ciagent/.m2/repository/com/adobe/xmp/xmpcore/5.1.2/xmpcore-5.1.2.jar
Description: Java library for reading metadata from image files.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/drewnoakes/metadata-extractor/2.6.2/metadata-extractor-2.6.2.jar
File Path: /home/ciagent/.m2/repository/org/gagravarr/vorbis-java-core/0.1/vorbis-java-core-0.1.jar
MD5: b88115be2754cb6883e652ba68ca46c8
SHA1: 662a02b94701947e6e66e7793d996043f05fad4a
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Java port of universalchardet
License:
Mozilla Public License 1.1 (MPL 1.1): http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /home/ciagent/.m2/repository/com/googlecode/juniversalchardet/juniversalchardet/1.0.3/juniversalchardet-1.0.3.jar
Description:
JHighlight is an embeddable pure Java syntax highlighting
library that supports Java, HTML, XHTML, XML and LZX
languages and outputs to XHTML.
It also supports RIFE templates tags and highlights them
clearly so that you can easily identify the difference
between your RIFE markup and the actual marked up source.
License:
CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: /home/ciagent/.m2/repository/com/uwyn/jhighlight/1.0/jhighlight-1.0.jar
Description: XmlBeans main jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/xmlbeans/xmlbeans/2.6.0/xmlbeans-2.6.0.jar
Description: Implementation of Document Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.document/5.2.x-SNAPSHOT/exo.core.component.document-5.2.x-SNAPSHOT.jar
MD5: 69b892df386bf38d7c09d9d3cfd4e06c
SHA1: f9a9df0f2efee1dadf79891e667107fb7279d18f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Publication Plugins
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-publication-plugins/5.2.x-SNAPSHOT/ecms-core-publication-plugins-5.2.x-SNAPSHOT.jar
MD5: 8157795683a4f92baf455b67ad96cbbe
SHA1: f7401725ed546f32e537f43312e9a842cc370121
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo PDF Viewer
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-viewer/5.2.x-SNAPSHOT/ecms-core-viewer-5.2.x-SNAPSHOT.jar
MD5: d7db5fcd5340c7f0c5663bcdaf286fe0
SHA1: 7f2758ffd646af23fedbac44092a839c19b8a4d3
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo DMS Portlet Java Content: ECM Admin
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-webui-administration/5.2.x-SNAPSHOT/ecms-core-webui-administration-5.2.x-SNAPSHOT.jar
MD5: 7195bdd895e58f4200942d438833dd94
SHA1: 1cee9dee13b64218ea5477017b82bc8afa64fe8d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-ext-authoring-webui/5.2.x-SNAPSHOT/ecms-ext-authoring-webui-5.2.x-SNAPSHOT.jar
MD5: d0b68a635992a11ea9b1233bdf0f0700
SHA1: 4bec450821aa7da705d674ffe4480a1b571e41f3
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Action View Information on Right click popup menu
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-ext-webui/5.2.x-SNAPSHOT/ecms-ext-webui-5.2.x-SNAPSHOT.jar
MD5: ab8628f214622322391214c18b3be377
SHA1: 3de59a23a621be0759b87612425db0ded6c3d286
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo ECMS Upgrade Plugins
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-upgrade-plugins/5.2.x-SNAPSHOT/ecms-upgrade-plugins-5.2.x-SNAPSHOT.jar
MD5: 2ebb56c7b6cc7764c290f05f972072bb
SHA1: 5ec3b903fc623655ecc999ec3a671580dd80e63b
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/forum/forum-forum-webapp/5.2.x-SNAPSHOT/forum-forum-webapp-5.2.x-SNAPSHOT.war
MD5: 020deb0c5b8f5bd5a15802bf90dc9ab1
SHA1: 2cf59ff13ed4d25d3003335773d514353d73e634
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-webui-component/5.2.x-SNAPSHOT/commons-webui-component-5.2.x-SNAPSHOT.jar
MD5: 76472093acb45eeee5df564ed245a98e
SHA1: 04c7f2095b916b755e4236606dd9d172967609c9
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/forum/forum-application-common/5.2.x-SNAPSHOT/forum-application-common-5.2.x-SNAPSHOT.jar
MD5: b92ca82c49a3eabb3751382c5c00a614
SHA1: 68583d791e5fcc2457f13ff3997fa75ae1f42458
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
HtmlCleaner is an HTML parser written in Java. It transforms dirty HTML to well-formed XML following
the same rules that most web-browsers use.
License:
BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/net/sourceforge/htmlcleaner/htmlcleaner/2.7/htmlcleaner-2.7.jar
Description: Provides a set of utility classes to integrate StAX into existing XML processing applications.
License:
BSD: http://www.opensource.org/licenses/bsd-license.html
File Path: /home/ciagent/.m2/repository/net/java/dev/stax-utils/stax-utils/20070216/stax-utils-20070216.jar
Description: XWiki Commons - XML
License:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/xwiki/commons/xwiki-commons-xml/5.4.7/xwiki-commons-xml-5.4.7.jar
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The Image Import function in XWiki through 10.7 has XSS.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-renderer/5.2.x-SNAPSHOT/wiki-renderer-5.2.x-SNAPSHOT.jar
MD5: 7e946c82cfa62dfdf16adf76914a0c03
SHA1: 5267f3a6b7d60528aba5cbc072c9008286a16409
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/forum/forum-component-bbcode/5.2.x-SNAPSHOT/forum-component-bbcode-5.2.x-SNAPSHOT.jar
MD5: 6dbef594485792ae3821a96e733c4061
SHA1: 7411c9c0b9f1232f9417fb7fb34d3d7d28d542e0
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/forum/forum-component-common/5.2.x-SNAPSHOT/forum-component-common-5.2.x-SNAPSHOT.jar
MD5: c82ffeb5ed6a4e6938954849e5721309
SHA1: 5a9d007bf4bb9e1ee2d706858c5fe03802baa4a2
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/forum/forum-component-rendering/5.2.x-SNAPSHOT/forum-component-rendering-5.2.x-SNAPSHOT.jar
MD5: 01ad24fc6b98af3f550aacb83c30bea4
SHA1: e6f3da071ebc4731e615689677386aeaed55361a
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/forum/forum-forum-service/5.2.x-SNAPSHOT/forum-forum-service-5.2.x-SNAPSHOT.jar
MD5: 2a53c825af2f57a4db5638c25495398a
SHA1: b668853a48453ea46751114a9166f7fd7866bd1f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.
License:
Indiana University Extreme! Lab Software License, version 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt Public Domain: http://creativecommons.org/licenses/publicdomain Apache Software License, version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/ciagent/.m2/repository/xpp3/xpp3/1.1.4c/xpp3-1.1.4c.jar
Description: Integration search portlet
File Path: /home/ciagent/.m2/repository/org/exoplatform/integration/integ-search-portlet/5.2.x-SNAPSHOT/integ-search-portlet-5.2.x-SNAPSHOT.war
MD5: 806ff4b17ee1d6174ea5660ec1998309
SHA1: a892d35abbfbc6ca501785864e6a374977aeb28a
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Where all the magic happens
File Path: /home/ciagent/.m2/repository/org/juzu/juzu-core/1.2.x-SNAPSHOT/juzu-core-1.2.x-SNAPSHOT.jar
MD5: 7b9082b1b1f088a0174a26e816198244
SHA1: 99eafcdc5c55af114eb8595fb5e1244b2da2ea0e
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users.
License:
Mozilla Public License, Version 1.1: http://www.mozilla.org/MPL/MPL-1.1.txt GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
File Path: /home/ciagent/.m2/repository/org/mozilla/rhino/1.7R3/rhino-1.7R3.jar
Description: The Less plugin
File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-less/1.2.x-SNAPSHOT/juzu-plugins-less-1.2.x-SNAPSHOT.jar
MD5: 7016b610eb6f024b5ac8a872fc22b811
SHA1: 1985e54c0a0eea1e082f88b7a1da31ca0b5ba471
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The Portlet plugin
File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-portlet/1.2.x-SNAPSHOT/juzu-plugins-portlet-1.2.x-SNAPSHOT.jar
MD5: 63a9ba045f4fa2481096596fd5e8322f
SHA1: a3ded038c08998747c7151a6b07af09be14b75cc
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The javax.inject API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-api/5.2.x-SNAPSHOT/commons-api-5.2.x-SNAPSHOT.jar
MD5: 4884d68613aa2d1b232f47bdaeebd6a6
SHA1: 369cf99f8c9ad8ac3256d6ecdb2900066c87e6e2
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/integration/integ-search-service/5.2.x-SNAPSHOT/integ-search-service-5.2.x-SNAPSHOT.jar
MD5: f3e570177902921fb62568f24f2ce75c
SHA1: 2075df97c60ee081d122eee9a5bc7ec209c10478
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Implementation of Command Framework of Exoplatform SAS 'eXo JCR' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.framework.command/5.2.x-SNAPSHOT/exo.jcr.framework.command-5.2.x-SNAPSHOT.jar
MD5: 0f39fd3d6a8aee92249580ca322bb469
SHA1: 176eb7a6d19d187eb9f192678a3c11baf8e29f69
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Implementation of JCR REST adapter of Exoplatform SAS 'eXo JCR' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/jcr/exo.jcr.framework.web/5.2.x-SNAPSHOT/exo.jcr.framework.web-5.2.x-SNAPSHOT.jar
MD5: 6fd3203d8557ff750a51f5acbe6bb7b9
SHA1: 7e636f19b48d15b3cc67a9744a6255eef5027d48
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Product information: version, revision and build numbers
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-component-product/5.2.x-SNAPSHOT/commons-component-product-5.2.x-SNAPSHOT.jar
MD5: 262f6b0da43a22089d247a70f55a833c
SHA1: ebe583d626729188f0e8abda1267671c94964336
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-component-upgrade-plugins/5.2.x-SNAPSHOT/platform-component-upgrade-plugins-5.2.x-SNAPSHOT.jar
MD5: e444a06bc85102d48cae6fd9add57f56
SHA1: 8f1c7a27ec345a3da08bdb68a6ab9158fb3a8602
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo gadgets
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-exo-gadget-pack-gadget-pack/5.2.x-SNAPSHOT/platform-exo-gadget-pack-gadget-pack-5.2.x-SNAPSHOT.war
MD5: 1f7a7d893f44d7cca5383bdf82f9cfce
SHA1: e6378b68dca76d4db617c22880f093d7c58661b7
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Groovy Scripts Instantiator of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.script.groovy/5.2.x-SNAPSHOT/exo.core.component.script.groovy-5.2.x-SNAPSHOT.jar
MD5: 022956563b8583204d58958d5f0eebb0
SHA1: 3d42ec418cbd5bf17dd1836b136a15b095587fc2
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Gadget pack services
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-exo-gadget-pack-gadget-pack-services/5.2.x-SNAPSHOT/platform-exo-gadget-pack-gadget-pack-services-5.2.x-SNAPSHOT.jar
MD5: 90a21984889280184768d62910c5927f
SHA1: 70f2708356c7491eb29869da3706b97540a29f63
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-extension-portlet-branding/5.2.x-SNAPSHOT/platform-extension-portlet-branding-5.2.x-SNAPSHOT.war
MD5: d5e38b1d2caefefa4984e4649508e4cc
SHA1: 59e2873135dda120dfb79de949076b6b80d7ed45
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-fileupload/commons-fileupload/1.3.3/commons-fileupload-1.3.3.jar
Description: This module contains :
- assemblies for Juzu application packaging inside eXoPlatform
- eXo Kernel Provider Factory
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-juzu/5.2.x-SNAPSHOT/commons-juzu-5.2.x-SNAPSHOT.jar
MD5: 718cd408cba0c110006b97acaf40d0dd
SHA1: f324e8acdb02d86706e8ec206de6c3d6f4caa4e5
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The File Upload plugin
File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-upload/1.2.x-SNAPSHOT/juzu-plugins-upload-1.2.x-SNAPSHOT.jar
MD5: 9cbe928c4e7f3209c203aaee8c8fe2d8
SHA1: 231b5f95d283cb30299e87a9d206082f848ca783
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-extension-portlets-homepage/5.2.x-SNAPSHOT/platform-extension-portlets-homepage-5.2.x-SNAPSHOT.war
MD5: 12146c86cb2b53dadbd1adab3cedff47
SHA1: 2c3ea0e6fb949da3dd2092d41e839904a238fbf7
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: AOP Alliance
License:
Public Domain
File Path: /home/ciagent/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
Description: Guice is a lightweight dependency injection framework for Java 5 and above
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/inject/guice/3.0/guice-3.0.jar
Description: Guice is a lightweight dependency injection framework for Java 5 and above
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/inject/extensions/guice-multibindings/3.0/guice-multibindings-3.0.jar
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth-provider/20100527/oauth-provider-20100527.jar
MD5: afdc85d3f14481e4842c317c4f414f7e
SHA1: 165bfc97e63e5af8e052a47f4dee832ce06bf7d7
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth-consumer/20090617/oauth-consumer-20090617.jar
MD5: f0e2849d152f4d8bf725aa4e11b8f969
SHA1: fb70a4c98119c27e78320c5e42a99f0b9eb7c356
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth-httpclient4/20090913/oauth-httpclient4-20090913.jar
MD5: 577e1f28c28bc5006b8adcf838ffd46d
SHA1: a42f9135d3d72e77274982c4aa14fa0f4dab882f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
HttpComponents Core (blocking I/O)
File Path: /home/ciagent/.m2/repository/org/apache/httpcomponents/httpcore/4.3.3/httpcore-4.3.3.jar
MD5: c26171852f9810cd3d2416604a387e71
SHA1: f91b7a4aadc5cf486df6e4634748d7dd7a73f06d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
HttpComponents Client
File Path: /home/ciagent/.m2/repository/org/apache/httpcomponents/httpclient/4.3.6/httpclient-4.3.6.jar
MD5: 2d29a27bb6c6b44bc8a608a0e5d09735
SHA1: 4c47155e3e6c9a41a28db36680b828ced53b8af4
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-extension-portlets-platformNavigation/5.2.x-SNAPSHOT/platform-extension-portlets-platformNavigation-5.2.x-SNAPSHOT.war
MD5: ece0f58dd866d7b22081eddc87407368
SHA1: de1c33dbaf21c750af787f350c8a4974ca77d561
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/calendar/calendar-component-create/5.2.x-SNAPSHOT/calendar-component-create-5.2.x-SNAPSHOT.jar
MD5: 2ddd0618c154a50c4302a9fd04b0c882
SHA1: 1c0702a6ca0606c2e1c12616b006415cbe6166ea
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo SEO Portlet Java Content
File Path: /home/ciagent/.m2/repository/org/exoplatform/ecms/ecms-core-webui-seo/5.2.x-SNAPSHOT/ecms-core-webui-seo-5.2.x-SNAPSHOT.jar
MD5: 8d65ed0e4239052ea1115ae56b3bc5a2
SHA1: ec48bde98a97a063be3d931c9efe09790b5cdb89
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/forum/forum-application-create/5.2.x-SNAPSHOT/forum-application-create-5.2.x-SNAPSHOT.jar
MD5: a8a71449abb05a81303e90928778b6be
SHA1: f110e4bb02597daa7db24059565c5047ed07022e
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-component-common/5.2.x-SNAPSHOT/platform-component-common-5.2.x-SNAPSHOT.jar
MD5: d2312bc4b23ee9601267a092b9e26a3a
SHA1: 8ab057589106fcf42c0df52f96b2fbd29d1ad377
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-component-uxpnavigation/5.2.x-SNAPSHOT/platform-component-uxpnavigation-5.2.x-SNAPSHOT.jar
MD5: 0aa1d7eace2c1807f4afcd1dde3e1f0b
SHA1: 37a6aae669a860cd54efbfeb3434b61dd45f3bda
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-component-webui/5.2.x-SNAPSHOT/platform-component-webui-5.2.x-SNAPSHOT.jar
MD5: 2a13901beacd4bc0e57fd9d962eb9009
SHA1: 16bbfa3d21b0a3f06153e02349a2df6d6810f901
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Social Web UI Component
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-webui/5.2.x-SNAPSHOT/social-component-webui-5.2.x-SNAPSHOT.jar
MD5: 8810a26ed1d60d0757b042866f673928
SHA1: 4263df8d7e61b1e564c75aa605123f5973b117e4
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Chromattic Framework Common
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.common/1.3.0/chromattic.common-1.3.0.jar
MD5: 15bfb4cc0312aefffb25952cdf18b2cd
SHA1: 55470175c1ba46a917504acf97018e6ef2932659
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Chromattic Framework Metamodel
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.metamodel/1.3.0/chromattic.metamodel-1.3.0.jar
MD5: 0d534975c688ebabbc232601c6bc13da
SHA1: fbaa10037faf34a2d4d8eeb4e6b5ce28c95a9455
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging-annotations/1.2.0.Beta1/jboss-logging-annotations-1.2.0.Beta1.jar
MD5: 938e552e319015a8863dd91284aada54
SHA1: 2f437f37bb265d9f8f1392823dbca12d2bec06d6
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Common reflection code used in support of annotation processing
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/common/hibernate-commons-annotations/4.0.5.Final/hibernate-commons-annotations-4.0.5.Final.jar
Description: General data-binding functionality for Jackson: works on core streaming API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt, http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.3.1/jackson-databind-2.3.1.jar
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
FasterXML Jackson before 2.9.8 contains a CWE-20 (Improper Input Validation) vulnerability in jackson-databind that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-918 Server-Side Request Forgery (SSRF)
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.1
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
Vulnerable Software & Versions:
Description: eXo Social Service Component
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-service/5.2.x-SNAPSHOT/social-component-service-5.2.x-SNAPSHOT.jar
MD5: 755cc5d3a4052a2915051ac4aaf0cdc8
SHA1: 2e915893e69865ca7601f7dc803a2bdad6cee64f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: iText, a free Java-PDF library
License:
Mozilla Public License: http://www.mozilla.org/MPL/MPL-1.1.html
File Path: /home/ciagent/.m2/repository/com/lowagie/itext/2.1.7/itext-2.1.7.jar
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
Description: SAC is a standard interface for CSS parsers.
License:
The W3C Software License: http://www.w3.org/Consortium/Legal/copyright-software-19980720
File Path: /home/ciagent/.m2/repository/org/w3c/css/sac/1.3/sac-1.3.jar
Description: A CSS parser which implements SAC (the Simple API for CSS).
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/net/sourceforge/cssparser/cssparser/0.9.18/cssparser-0.9.18.jar
Description: The Bouncy Castle Java CMS and S/MIME APIs for handling the CMS and S/MIME protocols. This jar contains CMS and S/MIME APIs for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. If the S/MIME API is used, the JavaMail API and the Java activation framework will also be needed.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bcmail-jdk15/1.45/bcmail-jdk15-1.45.jar
Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bcprov-jdk15/1.45/bcprov-jdk15-1.45.jar
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Vulnerable Software & Versions:
Description: The Bouncy Castle Java API for handling the Time Stamp Protocol (TSP). This jar contains the TSP API for JDK 1.5. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: /home/ciagent/.m2/repository/org/bouncycastle/bctsp-jdk15/1.45/bctsp-jdk15-1.45.jar
Description: a library of arguably useful Java utilities.
License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/com/mchange/mchange-commons-java/0.2.3.4/mchange-commons-java-0.2.3.4.jar
Description: a JDBC Connection pooling / Statement caching library
License:
GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Eclipse Public License, Version 1.0: http://www.eclipse.org/org/documents/epl-v10.php
File Path: /home/ciagent/.m2/repository/com/mchange/c3p0/0.9.2.1/c3p0-0.9.2.1.jar
Description: A module of the Hibernate O/RM project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-c3p0/4.2.21.Final/hibernate-c3p0-4.2.21.Final.jar
Description: Implementation of JDBC Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.organization.jdbc/5.2.x-SNAPSHOT/exo.core.component.organization.jdbc-5.2.x-SNAPSHOT.jar
MD5: a85f9b1e55c000a706afea15494e3a42
SHA1: 2b7d0ebfd37f3e8f20b6a600efd4789edbb71433
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/suigeneris/jrcs.rcs/0.4.2/jrcs.rcs-0.4.2.jar
MD5: 39a0ad326f371e1b1b0b1f35cf0f6efb
SHA1: 50fde3e7078afa87aea35a11be3ee01e7805a103
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Flying Saucer is a CSS 2.1 renderer written in Java. This artifact contains the core rendering and layout code as well as Java2D output.
License:
GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/org/xhtmlrenderer/flying-saucer-core/9.0.8/flying-saucer-core-9.0.8.jar
Description: Flying Saucer is a CSS 2.1 renderer written in Java. This artifact supports PDF output.
License:
GNU Lesser General Public License (LGPL), version 2.1 or later: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/org/xhtmlrenderer/flying-saucer-pdf/9.0.8/flying-saucer-pdf-9.0.8.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-service/5.2.x-SNAPSHOT/wiki-service-5.2.x-SNAPSHOT.jar
MD5: efcf7b807362f3e41542e43ec8b2e6c2
SHA1: d6df7b9cf0d372f7edf4e674cc19ec82bde18662
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-macros-iframe/5.2.x-SNAPSHOT/wiki-macros-iframe-5.2.x-SNAPSHOT.jar
MD5: 679e56e4ffa8a5e99a6c39345d392e3f
SHA1: b3ecad95a99363a647857aed31a76d44460e481d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar
MD5: 947e7602dd7ff324e67b0557c088570d
SHA1: 2c7f8e1a5bcc210a686d15f372276365ccd5dffc
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: pygments
License:
Simplified BSD License: http://www.opensource.org/licenses/BSD-2-Clause
File Path: /home/ciagent/.m2/repository/org/pygments/pygments/1.6/pygments-1.6.jar
Severity:
High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
Vulnerable Software & Versions:
Description:
A complete, Java-based solution for accessing, manipulating,
and outputting XML data
License:
Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/jdom/jdom2/2.0.5/jdom2-2.0.5.jar
File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-webui/5.2.x-SNAPSHOT/wiki-webui-5.2.x-SNAPSHOT.jar
MD5: 2071c3e4f0a39d61ae69525b04856ee4
SHA1: 11092043cf943a8db1386b44dfb7e6d702d9402d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gatein/common/common-common/2.2.2.Final/common-common-2.2.2.Final.jar
MD5: 8ce16b5e3991285cd27e553740d09d1f
SHA1: 44522d899e31a5a10dbd70f7b0ca2fe5a614f740
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-extension-portlets-notification/5.2.x-SNAPSHOT/platform-extension-portlets-notification-5.2.x-SNAPSHOT.war
MD5: 72bcbbe6ceb5e23c084de1640014c7b2
SHA1: 956c41b0f93ef4a4584c9db6af78c944781507aa
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-extension-resources/5.2.x-SNAPSHOT/platform-extension-resources-5.2.x-SNAPSHOT.war
MD5: 6fdd40ddf069a2ac3cd7d797d28174e3
SHA1: c6d1cf43c98daf2e308f6c4cd9d27588c9dde314
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-extension-webapp/5.2.x-SNAPSHOT/platform-extension-webapp-5.2.x-SNAPSHOT.war
MD5: ad80ac2b77cdfdb35f2c8b0ad507ca10
SHA1: 67045936c598601c68ecc3251ebc3e88042d9dd4
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The Validation plugin
File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-validation/1.2.x-SNAPSHOT/juzu-plugins-validation-1.2.x-SNAPSHOT.jar
MD5: 8f330f9b9e0079cfe424c932c91938f5
SHA1: 783a1d9a08b113c0e8f4fb76a585b9b7f854b927
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
Protocol Buffers are a way of encoding structured data in an efficient yet
extensible format.
License:
New BSD license: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/com/google/protobuf/protobuf-java/2.5.0/protobuf-java-2.5.0.jar
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
Vulnerable Software & Versions:
Description: Less language is an extension of css and less4j compiles it into regular css. It adds several dynamic features into css: variables, expressions, nested rules.
Less4j is a port. The original compiler was written in JavaScript and is called less.js. The less language is mostly defined in less.js documentation/issues and by what less.js actually does. Links to less.js:
* home page: http://lesscss.org/
* source code & issues: https://github.com/cloudhead/less.js
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
Eclipse Public License (EPL): http://www.eclipse.org/legal/epl-v10.html
Gnu General Public License, Version 3: http://www.gnu.org/licenses/gpl-3.0.html
File Path: /home/ciagent/.m2/repository/com/github/sommeri/less4j/1.4.0/less4j-1.4.0.jar
Description: The Less4j plugin
File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-less4j/1.2.x-SNAPSHOT/juzu-plugins-less4j-1.2.x-SNAPSHOT.jar
MD5: 71cab9e22ec72b786ae0662a31655979
SHA1: 0b3823beeb105d620100ba3ed8ca8404dc146a03
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: WebJar Locator
License:
None: http://webjars.org
File Path: /home/ciagent/.m2/repository/org/webjars/webjars-locator/0.4/webjars-locator-0.4.jar
Description: The Webjars plugin
File Path: /home/ciagent/.m2/repository/org/juzu/juzu-plugins-webjars/1.2.x-SNAPSHOT/juzu-plugins-webjars-1.2.x-SNAPSHOT.jar
MD5: 1c408db11400b5f3ce52d82dd823e38f
SHA1: dfca4ee3c78a0c67f58a32af0f7a5ff5a2829a2e
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
License:
CDDL License: http://www.opensource.org/licenses/cddl1.php
File Path: /home/ciagent/.m2/repository/javax/ws/rs/jsr311-api/1.1.1/jsr311-api-1.1.1.jar
Description: Chromattic Framework API
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.api/1.3.0/chromattic.api-1.3.0.jar
MD5: 11f2df6e3a3b4451719710c0f4c08103
SHA1: 4f60a9585bd6e68833eaaea1f1a615c682adbe27
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The Reflext Framework API
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.api/1.1.0/reflext.api-1.1.0.jar
MD5: fe732172fa2fb5ae4b63866ef15da41f
SHA1: 28374c509099736aeedc52fef3d7b8e78238c2a0
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The Reflect Framework Core
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.core/1.1.0/reflext.core-1.1.0.jar
MD5: cc65231f60a70dec43a57ccba5adce81
SHA1: 56316a714b99d7ac85d23d0f1a4680149c3273d6
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The Reflext Framework SPI
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.spi/1.1.0/reflext.spi-1.1.0.jar
MD5: 2c967ae0c3078d23b615f8825377f304
SHA1: 4df0428c39922079c53955602bce66735f9d20a8
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The Reflext Framework Annotation Processing Tool Plugin
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.apt/1.1.0/reflext.apt-1.1.0.jar
MD5: e6bb0195d6cdd15b618939c78999ea4e
SHA1: 093ab21e03197c1c7a2d2d20da4d3dd34a60ac24
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Chromattic Framework APT Plugin
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.apt/1.3.0/chromattic.apt-1.3.0.jar
MD5: 5f51682435a2e2014a9bd9c5936a5cc5
SHA1: f2e219c2b8e13983a26b4c3f4e8eb54d71730b4d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Chromattic Framework Extensions
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.ext/1.3.0/chromattic.ext-1.3.0.jar
MD5: a8482bb9fe7572e77a58627251740ee1
SHA1: ea3bd25892c827d9b830aea768de69e200a93165
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Chromattic Framework SPI
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.spi/1.3.0/chromattic.spi-1.3.0.jar
MD5: e440e3f5a8e5ad38720975546ab7f06d
SHA1: 64c36f826b832acab48fea793b7c70b019a46181
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-api/5.2.x-SNAPSHOT/pc-api-5.2.x-SNAPSHOT.jar
MD5: 227a043d01bcd39f7aee187a2c4f4df8
SHA1: 4110ec8816dd8bdd083ff36fc8f176628b13cf52
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Please refer to the main website for documentation.
File Path: /home/ciagent/.m2/repository/picocontainer/picocontainer/1.1/picocontainer-1.1.jar
MD5: 98f476491eed3b106b9a015f15bf5fda
SHA1: a2babe80a3af3a3672095341625e4a9ba4278c1b
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/sso/sso-integration/5.2.x-SNAPSHOT/sso-integration-5.2.x-SNAPSHOT.jar
MD5: c05ebac6a8d7e7f132614c64947e4e4d
SHA1: d2a441c5b03109306619b781f7d68976a7071f22
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/sso/sso-agent/5.2.x-SNAPSHOT/sso-agent-5.2.x-SNAPSHOT.jar
MD5: 491a2d727c66ea0ca04949ce74ce597a
SHA1: f222fcca2c69bf9439a7a467d0187430d6bf0ae2
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
License:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: /home/ciagent/.m2/repository/xmlpull/xmlpull/1.1.3.1/xmlpull-1.1.3.1.jar
Description: XStream is a serialization library from Java objects to XML and back.
License:
http://x-stream.github.io/license.html
File Path: /home/ciagent/.m2/repository/com/thoughtworks/xstream/xstream/1.4.10/xstream-1.4.10.jar
Description:
To enable interoperability between web servers and access mechanisms,
and to facilitate development of device independent web applications,
this specification will define a set of APIs for processing CC/PP information.
License:
Sun Microsystems, Inc. Binary Code License Agreement: http://java.sun.com/j2ee/ccpp
File Path: /home/ciagent/.m2/repository/javax/ccpp/ccpp/1.0/ccpp-1.0.jar
Description:
Apache Portals Bridges Common Utilities and Interfaces
File Path: /home/ciagent/.m2/repository/org/apache/portals/bridges/portals-bridges-common/1.0.4/portals-bridges-common-1.0.4.jar
MD5: ea12be4025e9b906f0d22b5ed130a1f5
SHA1: c7ee4640a35fc158cf8c4a645b8e3e21ca3b52ff
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/asm/asm/3.1/asm-3.1.jar
MD5: b9b8d2d556f9458aac8c463fd511f86d
SHA1: c157def142714c544bdea2e6144645702adf7097
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
License:
ASF 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/cglib/cglib/2.2/cglib-2.2.jar
Description: Chromattic Framework CGLib Plugin
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.cglib/1.3.0/chromattic.cglib-1.3.0.jar
MD5: a81fd6fb445a53cc9a1f6e4565674c7f
SHA1: 082e032bfca75a8481bd3cd747beba603ac677b5
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: A Java 1.5 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source code.
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/com/google/code/javaparser/javaparser/1.0.8/javaparser-1.0.8.jar
Description: Chromattic Framework Groovy
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.groovy/1.3.0/chromattic.groovy-1.3.0.jar
MD5: 0380f4b86e1af34ce3ad4f2861a0b059
SHA1: 744c2bb6f74a9bf3d35ffd6ba3540635ce129337
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The Reflext Framework Java Lang Reflect Plugin
File Path: /home/ciagent/.m2/repository/org/reflext/reflext.jlr/1.1.0/reflext.jlr-1.1.0.jar
MD5: 1103f3b1ed3762e0bd100cbee6e7f345
SHA1: 79ad1a5053213cbb350d37ff12d5f767243c8c46
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Chromattic Data Object
File Path: /home/ciagent/.m2/repository/org/chromattic/chromattic.dataobject/1.3.0/chromattic.dataobject-1.3.0.jar
MD5: 3e09c98edcb4ccf64e065e55023e1f18
SHA1: 572d95530907c9a738a2580dc539636a1a519b77
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-search/5.2.x-SNAPSHOT/commons-search-5.2.x-SNAPSHOT.jar
MD5: f9d0d4d749b4e59fd9dbaff17cdd0537
SHA1: 120701f955e5ed432ba719479860f8f44831fcaf
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/commons/commons-file-storage/5.2.x-SNAPSHOT/commons-file-storage-5.2.x-SNAPSHOT.jar
MD5: 6fa1cd6579ac51d2f186bf0394e555ad
SHA1: 058378e34e1f16702b38288535d1dbff01a4659c
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: The JBoss Logging Framework
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/jboss/logging/jboss-logging/3.3.0.Final/jboss-logging-3.3.0.Final.jar
Description: Implementation of Database Service of Exoplatform SAS 'eXo Core' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/core/exo.core.component.database/5.2.x-SNAPSHOT/exo.core.component.database-5.2.x-SNAPSHOT.jar
MD5: accd57fc337ec6f516e9ac1b327c3c45
SHA1: c1a6cad3babe71079e9563ab7d7b0a2bc780536b
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Calendar with Social activity
File Path: /home/ciagent/.m2/repository/org/exoplatform/integration/integ-calendar-social/5.2.x-SNAPSHOT/integ-calendar-social-5.2.x-SNAPSHOT.jar
MD5: 4397cd4b187cb1a5f18e464abeb094ee
SHA1: 9147500dc83173e7543886411d49e1c174054308
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: ECMS with Social activity
File Path: /home/ciagent/.m2/repository/org/exoplatform/integration/integ-ecms-social/5.2.x-SNAPSHOT/integ-ecms-social-5.2.x-SNAPSHOT.jar
MD5: f40f95640f928a89b25f71c15bf85970
SHA1: d211e7e28d7cbef17348b80483818e2bb40415bc
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Forum with Social activity
File Path: /home/ciagent/.m2/repository/org/exoplatform/integration/integ-forum-social/5.2.x-SNAPSHOT/integ-forum-social-5.2.x-SNAPSHOT.jar
MD5: 75150a23dc5208f2b16d6ab021374d45
SHA1: 6c4485c5617a704ab48754071172e6a61fb24815
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Select document to public on activity
File Path: /home/ciagent/.m2/repository/org/exoplatform/integration/integ-social-ecms/5.2.x-SNAPSHOT/integ-social-ecms-5.2.x-SNAPSHOT.jar
MD5: ae533eb4f0a48782a7816dca89a3d0fc
SHA1: b0a9aee325a8ac4621926948b006327fcf3e324f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Wiki with Social activity
File Path: /home/ciagent/.m2/repository/org/exoplatform/integration/integ-wiki-social/5.2.x-SNAPSHOT/integ-wiki-social-5.2.x-SNAPSHOT.jar
MD5: ae5cd39cc29590f4fe875bc655bda2dc
SHA1: 836142e46eb1593a99cbe602fdb3bec25faa5bf5
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Populate gadgets for user dashboard and GadgetRegistry
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-component-gadgets/5.2.x-SNAPSHOT/platform-component-gadgets-5.2.x-SNAPSHOT.jar
MD5: 9a3a383453da8bb02a6563db2b481ad4
SHA1: 3fd479b6e086a77797ec2f26de87816a439b4616
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-component-organization/5.2.x-SNAPSHOT/platform-component-organization-5.2.x-SNAPSHOT.jar
MD5: b4c2363068e482189a08a9fe66f6247b
SHA1: 4ec4acda74281ae0f9c2bb12480a6ef1af9ff6f8
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-extension-config/5.2.x-SNAPSHOT/platform-extension-config-5.2.x-SNAPSHOT.jar
MD5: 3999d6d404757a470521a36830d9ec50
SHA1: fbcf47ebb00efbb9323b9127bffa85214358a159
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Implementation of REST Core for Exoplatform SAS 'Web Services' project.
File Path: /home/ciagent/.m2/repository/org/exoplatform/ws/exo.ws.rest.core/5.2.x-SNAPSHOT/exo.ws.rest.core-5.2.x-SNAPSHOT.jar
MD5: 0cf1aac1d6cd62ef97aac56b5290f4b1
SHA1: f62bde727a6a7b4a74e6b1b5668c3beb22390c32
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gatein/web/redirect/5.2.x-SNAPSHOT/redirect-5.2.x-SNAPSHOT.jar
MD5: 2c7b7f5ec3b62f6894205b457142c46a
SHA1: 719377f0a9252fe0f53e7731b895b6057fef00d8
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php.
Vulnerable Software & Versions:
Description: Hibernate's Bean Validation (JSR-303) reference implementation.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-validator/4.2.0.Final/hibernate-validator-4.2.0.Final.jar
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-sample-acme-intranet-portlet/5.2.x-SNAPSHOT/platform-sample-acme-intranet-portlet-5.2.x-SNAPSHOT.war
MD5: 27a284a561b77f24eab8139dbf8b2583
SHA1: 61f85b7b240b7ce3d7db2b9254852253a3bae863
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-sample-acme-intranet-webapp/5.2.x-SNAPSHOT/platform-sample-acme-intranet-webapp-5.2.x-SNAPSHOT.war
MD5: efd49e839d1ecf29d9eae0cd34350d5c
SHA1: f4d98cbd59d81e2ab6ce202059f0ed3423ebff2c
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo gadget resources
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-sample-gadgets-sample-exo-gadget-resources/5.2.x-SNAPSHOT/platform-sample-gadgets-sample-exo-gadget-resources-5.2.x-SNAPSHOT.war
MD5: bf9304386590015fc011380699a195b9
SHA1: 10615f1bfff90bfd722fc9c8b845f380d7da3bdb
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-sample-gadgets-sample-gadgets/5.2.x-SNAPSHOT/platform-sample-gadgets-sample-gadgets-5.2.x-SNAPSHOT.war
MD5: dfbc2102c3a2fe9ff92c68aac2eb038c
SHA1: 4e840e5401c13b02afaca87b52f68ef7175647c8
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-sample-gadgets-sample-service/5.2.x-SNAPSHOT/platform-sample-gadgets-sample-service-5.2.x-SNAPSHOT.jar
MD5: 0f5fe723e1dcdc12c73776855d4858d1
SHA1: fe623bfd6ba1793685de7e15ffe0bc581faf1ecd
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-registration/5.2.x-SNAPSHOT/platform-registration-5.2.x-SNAPSHOT.war
MD5: 3454f50468945e64833634c1a53c9483
SHA1: 11b2ed4df6f0447bf45ed7fcc48971f06d2fbc26
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform-ui/platform-ui-skin/5.2.x-SNAPSHOT/platform-ui-skin-5.2.x-SNAPSHOT.war
MD5: 57bf3ad85887c9b42bf633c8e6ba09ea
SHA1: 85a0934241d2adf0857e1008588dc4d7ab57e9e8
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /srv/ciagent/workspace/PLF/platform-public-distributions-develop-site/sources/plf-root-webapp/target/plf-root-webapp-5.2.x-SNAPSHOT.war
MD5: 1cd51285a819ef8a5a058a852758adca
SHA1: 3933bb8e63ce0e303c4cd76bff8d3cb6b4b3cf01
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Social Extension WAR
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-extension-war/5.2.x-SNAPSHOT/social-extension-war-5.2.x-SNAPSHOT.war
MD5: 5c7dd36451dcc108d77846ca06f985f8
SHA1: 95b6c572bcb56b4a591b25c9008ef6872f034df6
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Social Notification Extension
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-notification-extension/5.2.x-SNAPSHOT/social-notification-extension-5.2.x-SNAPSHOT.war
MD5: 90debf22a64210d8fd97a3e8157eca69
SHA1: ff81fc8850e9f9799c5247dffa1cb269f600a70c
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Social Notification Component
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-notification/5.2.x-SNAPSHOT/social-component-notification-5.2.x-SNAPSHOT.jar
MD5: e4f5d9727faa9264dbaf3ba1a44ed40d
SHA1: 7667289534e6048727aae745a3c6d14f8be72543
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Social Core JPA Component
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-core-jpa/5.2.x-SNAPSHOT/social-component-core-jpa-5.2.x-SNAPSHOT.jar
MD5: 5e1f8995105e5669e8d98fe55820a32f
SHA1: c251772f43f23a0f288cb1107e829297b7c344c8
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Social Feedmash
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-extras-feedmash/5.2.x-SNAPSHOT/social-extras-feedmash-5.2.x-SNAPSHOT.jar
MD5: aa1e99aeb97f13c6b50704fc18c87bce
SHA1: e679296e5da5899a9ed15f9124a4c4ebcac54f14
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/net/oauth/core/oauth/20100527/oauth-20100527.jar
MD5: 91c7c70579f95b7ddee95b2143a49b41
SHA1: a84c5331e225bc25a5a288db328048d6b1bb6fd5
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Social OpenSocial Component
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-component-opensocial/5.2.x-SNAPSHOT/social-component-opensocial-5.2.x-SNAPSHOT.jar
MD5: f3a7377ee8a4cfa26cd80aa530a961ee
SHA1: 81b52232d686643a6a0ac11bf96a97ac03721d43
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Date and time library to replace JDK date handling
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/joda-time/joda-time/2.4/joda-time-2.4.jar
Description: This is the ehcache core module. Pair it with other modules for added functionality.
License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: /home/ciagent/.m2/repository/net/sf/ehcache/ehcache-core/2.6.9/ehcache-core-2.6.9.jar
File Path: /home/ciagent/.m2/repository/de/odysseus/juel/juel-impl/2.2.7/juel-impl-2.2.7.jar
MD5: c5d7a62edafb5706b6beadbbcfd8f57d
SHA1: 97958467acef4c2b230b72354a4eefc66628dd99
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Common java code for Shindig
File Path: /home/ciagent/.m2/repository/org/apache/shindig/shindig-common/2.5.2/shindig-common-2.5.2.jar
MD5: 9deeebec74d0530849d5dd42e19ee9cd
SHA1: 8e3d0ee31607e7a18f20612ef705b32ab8eace2b
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
Caja is a HTML/CSS/JavaScript compiler which allows websites to safely embed web applications
from third parties, and enables rich interaction between the embedding page and the embedded
applications using an object-capability security model.
License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /home/ciagent/.m2/repository/caja/caja/r5054/caja-r5054.jar
Description:
A patched version of the nu.validator v1.2.1 HTML parser.
License:
No Warranty
File Path: /home/ciagent/.m2/repository/caja/htmlparser/r4209/htmlparser-r4209.jar
Description: An HTML parser and tag balancer.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/net/sourceforge/nekohtml/nekohtml/1.9.22/nekohtml-1.9.22.jar
Description:
Xerces2 is the next generation of high performance, fully compliant XML parsers in the
Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI),
a complete framework for building parser components and configurations that is extremely
modular and easy to program.
File Path: /home/ciagent/.m2/repository/xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar
MD5: f807f86d7d9db25edbfc782aca7ca2a9
SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
High
CVSS Score: 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Vulnerable Software & Versions:
Description: Apache Sanselan is a pure-Java image library.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/sanselan/sanselan/0.97-incubator/sanselan-0.97-incubator.jar
Description: eXo Social Portlet Web App
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-webapp-portlet/5.2.x-SNAPSHOT/social-webapp-portlet-5.2.x-SNAPSHOT.war
MD5: b6e6b4c95eb76c23d4eb0c3fdaccf759
SHA1: 212232997aff521a269be4e663e9c9c24b2edab4
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-190 Integer Overflow or Wraparound
The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/org/exoplatform/social/social-webapp-juzu-portlet/5.2.x-SNAPSHOT/social-webapp-juzu-portlet-5.2.x-SNAPSHOT.war
MD5: 99ae0be443897916e9d46e3100f7b71e
SHA1: 0645a59fe2c645246675d3cad313ddcb9ef41580
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: eXo Wiki Upgrade Plugins
File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-upgrade-plugins/5.2.x-SNAPSHOT/wiki-upgrade-plugins-5.2.x-SNAPSHOT.jar
MD5: 0c38639cfabb00b49223db99ee6047ad
SHA1: 0c11e37efe299443d1878ba6403946e542a71980
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-webapp/5.2.x-SNAPSHOT/wiki-webapp-5.2.x-SNAPSHOT.war
MD5: 589ac4decff9e628c3cf8818cdde3cdc
SHA1: 6e05ea15299ef9f833150ab38dcd1162f9eb19f1
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
Protocol Buffers are a way of encoding structured data in an efficient yet
extensible format.
License:
New BSD license: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/com/google/gwt/gwt-servlet/2.6.1/gwt-servlet-2.6.1.jar
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/com/isomorphic/smartgwt/lgpl/smartgwt-lgpl/6.0-p20170514/smartgwt-lgpl-6.0-p20170514.jar
MD5: feef4d7601d4e2ca9cfdaa5315eb17c6
SHA1: b27485a980eca557785290c25f15349075e077b7
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content.
Vulnerable Software & Versions:
Description:
JCommon is a free general purpose Java class library that is used in
several projects at www.jfree.org, including JFreeChart and
JFreeReport.
License:
GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/org/jfree/jcommon/1.0.17/jcommon-1.0.17.jar
Description:
JFreeChart is a class library, written in Java, for generating charts.
Utilising the Java2D APIs, it currently supports bar charts, pie charts,
line charts, XY-plots and time series plots.
License:
GNU Lesser General Public Licence: http://www.gnu.org/licenses/lgpl.txt
File Path: /home/ciagent/.m2/repository/org/jfree/jfreechart/1.0.14/jfreechart-1.0.14.jar
Description: Apache Velocity is a general purpose template engine.
File Path: /home/ciagent/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/velocity-tools/velocity-tools/1.4/velocity-tools-1.4.jar
MD5: 2ef7ed8b728186558b5d587c38900b84
SHA1: 4e1f4d507030a00959f4c0c7fcc60b3565617d08
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
Simple java library for transforming an Object to another Object.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/net/sf/ezmorph/ezmorph/1.0.6/ezmorph-1.0.6.jar
File Path: /home/ciagent/.m2/repository/net/sf/json-lib/json-lib/2.4/json-lib-2.4-jdk15.jar
MD5: f5db294d05b3d5a5bfb873455b0a8626
SHA1: 136743e0d12df4e785e62b48618cee169b2ae546
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Tools to assist in the reading of configuration/preferences files in various formats.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/commons-configuration/commons-configuration/1.10/commons-configuration-1.10.jar
File Path: /home/ciagent/.m2/repository/uk/ac/ed/ph/snuggletex/snuggletex-core/1.1.0/snuggletex-core-1.1.0.jar
MD5: 1ea61a45bcb155a830d6a149f9f3f845
SHA1: 668865eca57ae9765b042558bc95522763333b70
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/xmlgraphics/batik-css/1.7/batik-css-1.7.jar
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.9
(AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server, including confidential or sensitive files, would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.
Vulnerable Software & Versions:
Description:
Apache XML Graphics Commons is a library that consists of several reusable
components used by Apache Batik and Apache FOP. Many of these components
can easily be used separately outside the domains of SVG and XSL-FO.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/xmlgraphics/xmlgraphics-commons/1.3.1/xmlgraphics-commons-1.3.1.jar
Description: This is the core module containing the basic JEuclid rendering and document handling classes.
File Path: /home/ciagent/.m2/repository/net/sourceforge/jeuclid/jeuclid-core/3.1.5/jeuclid-core-3.1.5.jar
MD5: ef55609690f186df77611d25e79ae781
SHA1: e7b45abc13ba621b384b475ff6d10aa13e121b02
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/uk/ac/ed/ph/snuggletex/snuggletex-jeuclid/1.1.0/snuggletex-jeuclid-1.1.0.jar
MD5: 4b84195d37d3ad1ece60e9abb56e9bf7
SHA1: 14c790c08d2ca60b9067b5fd156ba01c83f25a3e
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
SAX events.
File Path: /home/ciagent/.m2/repository/xalan/serializer/2.7.1/serializer-2.7.1.jar
MD5: a6b64dfe58229bdd810263fa0cc54cff
SHA1: 4b4b18df434451249bb65a63f2fb69e215a6a020
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
Vulnerable Software & Versions:
Description:
Xalan-Java is an XSLT processor for transforming XML documents into HTML,
text, or other XML document types. It implements XSL Transformations (XSLT)
Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
the command line, in an applet or a servlet, or as a module in another program.
File Path: /home/ciagent/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar
MD5: d43aad24f2c143b675292ccfef487f9c
SHA1: 75f1d83ce27bab5f29fff034fc74aa9f7266f22a
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-jpa/5.2.x-SNAPSHOT/wiki-jpa-5.2.x-SNAPSHOT.jar
MD5: c55d49c5aae05fdea0c1813b3067bc66
SHA1: 17911075d749b25b10b811394d46f453ea1b9812
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/wiki/wiki-jpa-migration/5.2.x-SNAPSHOT/wiki-jpa-migration-5.2.x-SNAPSHOT.jar
MD5: 2186867ed6de0fea84b87daa7e8fb6d5
SHA1: 4afbb3cc1280b4001697e58ce00a38cd7020da58
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gatein/management/gatein-management-api/2.1.0.Final/gatein-management-api-2.1.0.Final.jar
MD5: dde253e45fefd580cab7a4ee75c6d92e
SHA1: 5c73b152fe9497eb37386052f86bfa7ee7d33b87
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/jboss/jboss-dmr/1.1.1.Final/jboss-dmr-1.1.1.Final.jar
MD5: d64cccf4531ef61115e70f3d8bb5e2e2
SHA1: 7506200d32c2bb0833969ab13e8a0e4795853198
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gatein/management/gatein-management-core/2.1.0.Final/gatein-management-core-2.1.0.Final.jar
MD5: a03a655d42f401bc4eca6c95242808aa
SHA1: 146d88fc22a8c25021c62da29f6ec3b51aa1338f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gatein/management/gatein-management-rest/2.1.0.Final/gatein-management-rest-2.1.0.Final.jar
MD5: 77edd585db54a9c915b1c4a8241bf890
SHA1: e818a46b6f5b74c05a6e181c3ae9ea409b20109f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: A Java library for the Twitter API
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/ciagent/.m2/repository/org/twitter4j/twitter4j-core/3.0.5/twitter4j-core-3.0.5.jar
Description: The best OAuth library out there
License:
MIT: http://github.com/fernandezpablo85/scribe-java/blob/master/LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/scribe/scribe/1.3.5/scribe-1.3.5.jar
Description:
Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
File Path: /home/ciagent/.m2/repository/com/google/http-client/google-http-client/1.14.1-beta/google-http-client-1.14.1-beta.jar
MD5: 8a3711522ebceef2531d455e2f04a639
SHA1: cb503d4021739e6bac39442ac87b4e311ec77b5e
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar
Description:
Google OAuth Client Library for Java. Functionality that works on all supported Java platforms,
including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
File Path: /home/ciagent/.m2/repository/com/google/oauth-client/google-oauth-client/1.14.1-beta/google-oauth-client-1.14.1-beta.jar
MD5: 71feea1d54eb7878c12855b7c47ef289
SHA1: 7260cd30808a6d1d4ddef6250e3d92d814aaa4cb
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/com/google/api-client/google-api-client/1.14.1-beta/google-api-client-1.14.1-beta.jar
MD5: 6832804471d4d635ed74ae1fbd5d9d86
SHA1: e95d3b6e36fc67bffd7e71ef60bc5af623e73843
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Jackson is a high-performance JSON processor (parser, generator)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/codehaus/jackson/jackson-core-asl/1.9.11/jackson-core-asl-1.9.11.jar
File Path: /home/ciagent/.m2/repository/com/google/http-client/google-http-client-jackson/1.14.1-beta/google-http-client-jackson-1.14.1-beta.jar
MD5: 85d9f42910a68e85ff22d24805688da9
SHA1: 3cfc08bf4b0f62234ff69ff2a0b3c26d7e447829
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/com/google/apis/google-api-services-plus/v1-rev69-1.14.2-beta/google-api-services-plus-v1-rev69-1.14.2-beta.jar
MD5: fbddf71619f41f1359f0b3abff442444
SHA1: a6c5cc69690a3bd7777025a65b0f1abe66112a5e
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/com/google/apis/google-api-services-oauth2/v2-rev36-1.14.2-beta/google-api-services-oauth2-v2-rev36-1.14.2-beta.jar
MD5: cd2ac31ad0317e53e660c2a4578749f3
SHA1: c7249e1e4832f6e6585f7b7db307585b3ae53881
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/platform-component-oauth-auth/5.2.x-SNAPSHOT/platform-component-oauth-auth-5.2.x-SNAPSHOT.jar
MD5: a3281ee8b01b31c2b6a72a1f2067cfdf
SHA1: 305193231b7bfeec125164b306a8c52f81844493
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/pc/pc-portlet/5.2.x-SNAPSHOT/pc-portlet-5.2.x-SNAPSHOT.jar
MD5: 6f25e13a9de2d120ff36e267d48e1228
SHA1: 8a067c3d188d76c9a94163fd628eef7a28137166
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gatein/cdi/gatein-cdi-injection/5.2.x-SNAPSHOT/gatein-cdi-injection-5.2.x-SNAPSHOT.jar
MD5: b36bf5166b83c7a921d0fa4a555fbf14
SHA1: b6347671c5605e945b67c9f7088b9034dbe78d2f
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/gatein/cdi/gatein-cdi-contexts/5.2.x-SNAPSHOT/gatein-cdi-contexts-5.2.x-SNAPSHOT.jar
MD5: ce556cb685c3fec124a64adcc5fff7d5
SHA1: 790e87fbadd1df93ee5ec9988a6d63bb25d8c571
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: logback-core module
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
GNU Lesser General Public License: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/ciagent/.m2/repository/ch/qos/logback/logback-core/1.1.2/logback-core-1.1.2.jar
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
Vulnerable Software & Versions:
Description: Tomcat Remote JMX listener
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat-catalina-jmx-remote/8.5.35/tomcat-catalina-jmx-remote-8.5.35.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
File Path: /home/ciagent/.m2/repository/org/codehaus/janino/commons-compiler/2.6.1/commons-compiler-2.6.1.jar
MD5: 502720f1e3cb359c54f794b718cc8b73
SHA1: f81764c6e9199c3ba1b2c525408734c45e772494
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/codehaus/janino/janino/2.6.1/janino-2.6.1.jar
MD5: 88f965703a684a89f42094bfc20113eb
SHA1: 454255eb300ab38db19dd23c1f7ba5168bb646ab
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /srv/ciagent/workspace/PLF/platform-public-distributions-develop-site/sources/plf-tomcat-integration-webapp/target/plf-tomcat-integration-webapp-5.2.x-SNAPSHOT.war
MD5: 039204309a08555a6bdfd8b08e59a959
SHA1: 693fe650d24786aa98fb36bc40f27c6d850b917b
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/wci/wci-tomcat8/5.2.x-SNAPSHOT/wci-tomcat8-5.2.x-SNAPSHOT.jar
MD5: 1d5e66f4b045720af801a1bddc8176fe
SHA1: ae213f27b1197c2d70d4f7f90de71c126418d4a1
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: This module defines a LifecycleListener to attach to a Tomcat host to create all portal containers.
File Path: /srv/ciagent/workspace/PLF/platform-public-distributions-develop-site/sources/plf-tomcat-pc-creator-listener/target/plf-tomcat-pc-creator-listener-5.2.x-SNAPSHOT.jar
MD5: 47ccfd971a05950654abe00ad86a9aa6
SHA1: 97a0f41d3d21bdecad6a149e65f6880b9070fcf0
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Jansi is a java library for generating and interpreting ANSI escape sequences.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar
Description: HSQLDB - Lightweight 100% Java SQL Database Engine
License:
HSQLDB License, a BSD open source license: http://hsqldb.org/web/hsqlLicense.html
File Path: /home/ciagent/.m2/repository/org/hsqldb/hsqldb/2.4.0/hsqldb-2.4.0.jar
Description: JCL 1.1.1 implemented over SLF4J
File Path: /home/ciagent/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.7/jcl-over-slf4j-1.7.7.jar
MD5: 32ad130f946ef0460af416397b7fc7b7
SHA1: 56003dcd0a31deea6391b9e2ef2f2dc90b205a92
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: JUL to SLF4J bridge
File Path: /home/ciagent/.m2/repository/org/slf4j/jul-to-slf4j/1.7.7/jul-to-slf4j-1.7.7.jar
MD5: 151a2a6f7f3fff8f5e5324659f6ccdbb
SHA1: def21bc1a6e648ee40b41a84f1db443132913105
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Log4j implemented over SLF4J
License:
Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/slf4j/log4j-over-slf4j/1.7.7/log4j-over-slf4j-1.7.7.jar
Description: The slf4j API
File Path: /home/ciagent/.m2/repository/org/slf4j/slf4j-api/1.7.7/slf4j-api-1.7.7.jar
MD5: ca4280bf93d64367723ae5c8d42dd0b9
SHA1: 2b8019b6249bb05d81d3a3094e468753e2b21311
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Liquibase SLF4J Logger
License:
MIT License: http://www.opensource.org/licenses/mit-license.html
File Path: /home/ciagent/.m2/repository/com/mattbertolini/liquibase-slf4j/2.0.0/liquibase-slf4j-2.0.0.jar
Description: YAML 1.1 parser and emitter for Java
License:
Apache License Version 2.0: LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/yaml/snakeyaml/1.13/snakeyaml-1.13.jar
File Path: /srv/ciagent/workspace/PLF/platform-public-distributions-develop-site/sources/plf-exo-tools/target/plf-exo-tools-5.2.x-SNAPSHOT.jar
MD5: b6cd6663115306f06d2a949e9231206e
SHA1: 97772c9af8697704c0252609311b174866757d93
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Header Texts and others License resources
File Path: /home/ciagent/.m2/repository/org/exoplatform/resources/exo-lgpl-license-resource-bundle/2/exo-lgpl-license-resource-bundle-2.jar
MD5: 51f6110e482a3bb59e2920e61284f440
SHA1: 5e0e93e2f9d4a62747ed8642dda37799644061fc
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/Lib/distutils/command/wininst-7.1.exe
MD5: 60ca8d5d30a48745d2918fc59f663d82
SHA1: f1eceea0200b381e8df1bd21febe4d86216d3a9d
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/Lib/distutils/command/wininst-6.exe
MD5: 2af1ae03a9ada576bbf62fab00b69be9
SHA1: 0f042eb468c23b791446c1594f8f3bb5023eea36
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/jni/x86_64-Windows/jffi-1.0.dll
MD5: 63e4285e98616f329c88d741ca6f65e8
SHA1: 966259febd6c05d8287b7dd75be57bfcd77fd400
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/jni/i386-Windows/jffi-1.0.dll
MD5: 570f7ce3eae96b92eb4aab891c076b50
SHA1: c35b34b1cf7a20c0478d34bcfbde3d75905a8b19
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/jline/jline32.dll
MD5: b3d9a08ff70440ba3638a325512f2cd8
SHA1: 67a55d8f8ca4937d784d4334e554770adc2a1079
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/jline/jline64.dll
MD5: d2f7b0db1231aac1846a857f5c0c4f2c
SHA1: e297e4e990ce820e64d41f3f27b9be90283f3f96
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/net/sf/ehcache/ehcache-core/2.6.9/ehcache-core-2.6.9.jar/net/sf/ehcache/pool/sizeof/sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/com/isomorphic/smartgwt/lgpl/smartgwt-lgpl/6.0-p20170514/smartgwt-lgpl-6.0-p20170514.jar/com/smartclient/public/sc/system/helpers/isomorphic_applets.jar
MD5: 0f754cb070377f2176d66ab61c1adafe
SHA1: b1cfc819d68ad2ecb419ce92f2c36bfceebf0d09
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description: Content Repository for Java technology API. Specifies a standard API to access content repositories in JavaTM 2 independently of implementation.
License:
Day Specification License: http://www.day.com/maven/jsr170/licenses/day-spec-license.htm
Day Specification License addendum: http://www.day.com/maven/jsr170/jars/LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.eXoGadgets/5.2.x-SNAPSHOT/exo.portal.eXoGadgets-5.2.x-SNAPSHOT.war/WEB-INF/lib/jcr-1.0.jar
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
Vulnerable Software & Versions:
Description: The slf4j API
File Path: /home/ciagent/.m2/repository/org/exoplatform/gatein/portal/exo.portal.eXoGadgets/5.2.x-SNAPSHOT/exo.portal.eXoGadgets-5.2.x-SNAPSHOT.war/WEB-INF/lib/slf4j-api-1.7.5.jar
MD5: 3b1ececad9ebc3fbad2953ccf4a070ca
SHA1: 6b262da268f8ad9eff941b25503a9198f0a0ac93
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/native/windows64/jansi.dll
MD5: fd3a20891286c958103f3ea07174cd3c
SHA1: 829195c9e338d5725cf304ae33fc209db53884eb
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/native/windows32/jansi.dll
MD5: 1e56641bb68937f8e2020cbff5d04a08
SHA1: 97f6e12599bb5848867b9762184d055ed918ab2a
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar
MD5: 5aa69e6ed0bc5b6154ae6b91999abe10
SHA1: 678049cf38abee0b149e5052b9d93b87a083cc4a
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Description:
An implementation of the JSP Standard Tag Library (JSTL).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/webapps/examples/WEB-INF/lib/taglibs-standard-impl-1.2.5.jar
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/webapps/docs/appdev/sample/sample.war
MD5: 570f196c4a1025a717269d16d11d6f37
SHA1: 80f5053b166c69d81697ba21113c673f8372aca0
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/bin/bootstrap.jar
MD5: f3940fdc1b7cf81fee43d6963a4d3740
SHA1: 394ae5d3d92b3c7717c26d529729145c53149a22
Referenced In Project/Scope:
eXo PLF:: Platform Public Distributions - Community Tomcat Standalone:provided
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description:
Apache Commons Daemon software provides an alternative invocation mechanism for unix-daemon-like Java code.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/bin/commons-daemon.jar
Description: Tomcat Core Logging Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/bin/tomcat-juli.jar
Description: WebSocket (JSR356) API
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/websocket-api.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Annotations Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/annotations-api.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Tomcats JSP Parser
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/jasper.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Eclipse Compiler for Java(TM)
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/ecj-4.6.3.jar
Description: javax.servlet package
License:
Apache License, Version 2.0 and Common Development And Distribution License (CDDL) Version 1.0: http://www.apache.org/licenses/LICENSE-2.0.txt and http://www.opensource.org/licenses/cddl1.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/servlet-api.jar
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-254 Security Features
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.6
(AV:N/AC:H/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-16 Configuration
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-255 Credentials Management
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-16 Configuration
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Spanish translations
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/tomcat-i18n-es.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Interface code to the native connector
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/tomcat-jni.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: javax.security.auth.message package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/jaspic-api.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Tomcat Servlet Engine Core Classes and Standard implementations
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/catalina.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Tomcat Connectors and HTTP parser
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/tomcat-coyote.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Expression language package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/el-api.jar
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-254 Security Features
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.6
(AV:N/AC:H/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-16 Configuration
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-255 Credentials Management
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-16 Configuration
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: JSP package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/apache/tomcat/tomcat/8.5.35/tomcat-8.5.35.zip/apache-tomcat-8.5.35/lib/jsp-api.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Support for reading and writing YAML-encoded data via Jackson abstractions.
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.4.2/jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/pom.xml
MD5: 287aac9a700de46369cc0e327e3577bc
SHA1: da124b77ecdec56e2af7ef65828ec493590ab214
Description: YAML 1.1 parser and emitter for Java
License:
Apache License Version 2.0: LICENSE.txt
File Path: /home/ciagent/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.4.2/jackson-dataformat-yaml-2.4.2.jar/META-INF/maven/org.yaml/snakeyaml/pom.xml
Description: JBoss Marshalling API
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling/pom.xml
MD5: 2b0e9541ec4a0f19e378eaabc5e85ea0
SHA1: da91abf3554dceed9454faa89acafc48c0649df5
Description: JBoss Marshalling River Implementation
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-river/pom.xml
MD5: 1dda062cdd15bd160a4ee6cf1be9f93d
SHA1: 366411529f00ec1eb4451b9b45012bfc09bde34b
Description: JBoss Marshalling Serial Implementation
File Path: /home/ciagent/.m2/repository/org/jboss/marshalling/jboss-marshalling-osgi/2.0.0.Beta3/jboss-marshalling-osgi-2.0.0.Beta3.jar/META-INF/maven/org.jboss.marshalling/jboss-marshalling-serial/pom.xml
MD5: 16b74097e7ec70db37b74205776ad0a7
SHA1: cf519c8805a14e6ce20933b7a89bfe0d5a7dbf0f
Description: JLine is a java library for reading and editing user input in console applications. It features tab-completion, command history, password masking, customizable keybindings, and pass-through handlers to use to chain to other console applications.
License:
BSD: LICENSE.txt
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/jline/jline/pom.xml
Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.antlr/antlr-runtime/pom.xml
MD5: 2663ae2cc7c8739fa5b19e2224ab6e55
SHA1: d72704aaf6a6fd2cd6bc142b959f9206e8f71a90
Description:
Common cross-project/cross-platform POSIX APIs
License:
Common Public License - v 1.0: http://www-128.ibm.com/developerworks/library/os-cpl.html
GNU General Public License Version 2: http://www.gnu.org/copyleft/gpl.html
GNU Lesser General Public License Version 2.1: http://www.gnu.org/licenses/lgpl.html
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.ext.posix/jnr-posix/pom.xml
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.
Vulnerable Software & Versions:
Description: A set of platform constants (e.g. errno values)
License:
The MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/constantine/pom.xml
Description: An abstracted interface to invoking native functions from java
License:
GNU Lesser General Public License Version 3: http://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jaffl/pom.xml
Description: Java wrapper around libffi
License:
GNU LGPLv3: http://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jffi/pom.xml
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.
Vulnerable Software & Versions:
Description: Lookup TCP and UDP services from java
License:
GNU Lesser General Public License Version 3: http://www.gnu.org/licenses/lgpl-3.0.txt
File Path: /home/ciagent/.m2/repository/org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar/META-INF/maven/org.jruby.extras/jnr-netdb/pom.xml
Description: Library for working with the Java 5 type system
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/hibernate/hibernate-validator/4.2.0.Final/hibernate-validator-4.2.0.Final.jar/META-INF/maven/com.googlecode.jtype/jtype/pom.xml
Description: The API that projects using HawtJNI should build against.
File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/maven/org.fusesource.hawtjni/hawtjni-runtime/pom.xml
MD5: 9343dc158b5894310f26732ebb2b73ee
SHA1: 14df4655274e472909050661f8e9ed98a28b6721
Description: Jansi is a java library for generating and interpreting ANSI escape sequences.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi-native/pom.xml
Description: Jansi is a java library for generating and interpreting ANSI escape sequences.
File Path: /home/ciagent/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi/pom.xml
MD5: 18c6eba91ac7aa1a27324b482dca06d5
SHA1: 3aea48c5e47064eec9903f4a14e5acee8fe345d8
Description: A Java framework to parse command line options with annotations.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar/META-INF/maven/com.beust/jcommander/pom.xml
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar/META-INF/maven/jline/jline/pom.xml
Description:
The application programming interface for the repository system.
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar/META-INF/maven/org.eclipse.aether/aether-api/pom.xml
MD5: fc000d7bc8dbb2b892a953bc3c9ab822
SHA1: ea104d5d0d8d6e495088cc49c71ae3a5b9c04634
Description:
A collection of utility classes to ease usage of the repository system.
File Path: /home/ciagent/.m2/repository/org/exoplatform/platform/addons-manager/1.4.x-SNAPSHOT/addons-manager-1.4.x-SNAPSHOT.zip/addons/addons-manager.jar/META-INF/maven/org.eclipse.aether/aether-util/pom.xml
MD5: cfb325be4744f65098b66ee34e265322
SHA1: 2648fa8032a1428718a58b53fb9badae64643dd0