Lucene search

[email protected]NVD:CVE-2016-4448

HistoryJun 09, 2016 - 4:59 p.m.

CVE-2016-4448

2016-06-0916:59:06

CWE-134

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Affected configurations

NVD

Node

hpicewall_federation_agentMatch3.0

AND

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

applewatchosRange≤2.2.1

Node

applemac_os_xRange<10.11.6

Node

xmlsoftlibxml2Range≤2.9.3

Node

appleicloudRange<5.2.1

AND

microsoftwindowsMatch-

Node

appleiphone_osRange≤9.3.2

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.2

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_eusMatch7.2

redhatenterprise_linux_server_eusMatch7.3

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_eusMatch7.7

redhatenterprise_linux_server_tusMatch7.2

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

appleitunesRange≤12.4.1

AND

microsoftwindows

Node

slackwareslackware_linuxMatch14.0

slackwareslackware_linuxMatch14.1

Node

oraclevm_serverMatch3.3

oraclevm_serverMatch3.4

Node

appletvosRange≤9.2.1

Node

tenablelog_correlation_engineMatch4.8.0

Node

mcafeeweb_gatewayRange≤7.5.2.10

mcafeeweb_gatewayRange7.6.0.0–7.6.2.3

Node

oraclelinuxMatch6

oraclelinuxMatch70

References

lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

rhn.redhat.com/errata/RHSA-2016-2957.html

www.openwall.com/lists/oss-security/2016/05/25/2

www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/90856

www.securitytracker.com/id/1036348

www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722

xmlsoft.org/news.html

access.redhat.com/errata/RHSA-2016:1292

bugzilla.redhat.com/show_bug.cgi?id=1338700

git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9

git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

kc.mcafee.com/corporate/index?page=content&id=SB10170

support.apple.com/HT206899

support.apple.com/HT206901

support.apple.com/HT206902

support.apple.com/HT206903

support.apple.com/HT206904

support.apple.com/HT206905

www.tenable.com/security/tns-2016-18

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for NVD:CVE-2016-4448

f52 ubuntucve1 veracode1 cvelist1 prion1 cve1 redhatcve1 debiancve1 openvas19 nessus23 cloudfoundry1 slackware1 ibm20 ubuntu1 centos1 oraclelinux1 suse5 apple12 redhat2 amazon1 fedora2 mageia1 symantec1 tenable1