Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1777 (GCVE-0-2016-1777)
Vulnerability from cvelistv5 – Published: 2016-03-24 01:00 – Updated: 2024-08-05 23:10
VLAI?
EPSS
Summary
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:39.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035342",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85054"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-16T10:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1035342",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85054"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035342",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"name": "https://support.apple.com/HT206173",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-1777",
"datePublished": "2016-03-24T01:00:00.000Z",
"dateReserved": "2016-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:39.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2016-1777
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-1777",
"description": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",
"id": "GSD-2016-1777"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1777"
],
"details": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",
"id": "GSD-2016-1777",
"modified": "2023-12-13T01:21:24.336944Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035342",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"name": "https://support.apple.com/HT206173",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.15",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1777"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-03-21-7",
"refsource": "APPLE",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"name": "https://support.apple.com/HT206173",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206173"
},
{
"name": "1035342",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/85054"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2016-12-20T02:59Z",
"publishedDate": "2016-03-24T01:59Z"
}
}
}
CERTFR-2018-AVI-455
Vulnerability from certfr_avis - Published: 2018-09-25 - Updated: 2018-09-25
De multiples vulnérabilités ont été découvertes dans Apple macOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS versions 10.13 et ant\u00e9rieurs",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4353",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4353"
},
{
"name": "CVE-2018-4336",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4336"
},
{
"name": "CVE-2018-4321",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4321"
},
{
"name": "CVE-2018-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4324"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-4344",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4344"
},
{
"name": "CVE-2018-4333",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4333"
}
],
"initial_release_date": "2018-09-25T00:00:00",
"last_revision_date": "2018-09-25T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-455",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple macOS. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple macOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209139 du 24 septembre 2018",
"url": "https://support.apple.com/en-us/HT209139"
}
]
}
CERTFR-2016-AVI-411
Vulnerability from certfr_avis - Published: 2016-12-14 - Updated: 2016-12-14
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2016-7646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7646"
},
{
"name": "CVE-2016-7615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7615"
},
{
"name": "CVE-2016-7411",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7411"
},
{
"name": "CVE-2016-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7643"
},
{
"name": "CVE-2016-7624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7624"
},
{
"name": "CVE-2016-7589",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7589"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7645"
},
{
"name": "CVE-2016-7650",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7650"
},
{
"name": "CVE-2016-7591",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7591"
},
{
"name": "CVE-2016-7629",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7629"
},
{
"name": "CVE-2016-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7637"
},
{
"name": "CVE-2016-7649",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7649"
},
{
"name": "CVE-2016-4688",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4688"
},
{
"name": "CVE-2016-7640",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7640"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2016-7620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7620"
},
{
"name": "CVE-2016-7587",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7587"
},
{
"name": "CVE-2016-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7616"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2016-7659",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7659"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2016-7663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7663"
},
{
"name": "CVE-2016-7648",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7648"
},
{
"name": "CVE-2016-6303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
},
{
"name": "CVE-2016-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7595"
},
{
"name": "CVE-2016-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7657"
},
{
"name": "CVE-2016-7639",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7639"
},
{
"name": "CVE-2016-7610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7610"
},
{
"name": "CVE-2016-7605",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7605"
},
{
"name": "CVE-2016-7588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7588"
},
{
"name": "CVE-2016-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7636"
},
{
"name": "CVE-2016-7602",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7602"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2016-7652",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7652"
},
{
"name": "CVE-2016-7641",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7641"
},
{
"name": "CVE-2016-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7642"
},
{
"name": "CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7608"
},
{
"name": "CVE-2016-4743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4743"
},
{
"name": "CVE-2016-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5419"
},
{
"name": "CVE-2016-7621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7621"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2016-7606",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7606"
},
{
"name": "CVE-2016-7418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7418"
},
{
"name": "CVE-2016-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7614"
},
{
"name": "CVE-2016-7596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7596"
},
{
"name": "CVE-2016-4691",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4691"
},
{
"name": "CVE-2016-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4692"
},
{
"name": "CVE-2016-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7592"
},
{
"name": "CVE-2016-7604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7604"
},
{
"name": "CVE-2016-7586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7586"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2016-7654",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7654"
},
{
"name": "CVE-2016-5420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5420"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2016-7609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7609"
},
{
"name": "CVE-2016-7611",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7611"
},
{
"name": "CVE-2016-7416",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7416"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2016-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7635"
},
{
"name": "CVE-2016-7599",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7599"
},
{
"name": "CVE-2016-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4693"
},
{
"name": "CVE-2016-7633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7633"
},
{
"name": "CVE-2016-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7658"
},
{
"name": "CVE-2016-7417",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7417"
},
{
"name": "CVE-2016-7662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7662"
},
{
"name": "CVE-2016-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7660"
},
{
"name": "CVE-2016-7612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7612"
},
{
"name": "CVE-2016-7414",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7414"
},
{
"name": "CVE-2016-7625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7625"
},
{
"name": "CVE-2016-7644",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7644"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1823",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1823"
},
{
"name": "CVE-2016-7412",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7412"
},
{
"name": "CVE-2016-7627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7627"
},
{
"name": "CVE-2016-7632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7632"
},
{
"name": "CVE-2016-7661",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7661"
},
{
"name": "CVE-2016-7607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7607"
},
{
"name": "CVE-2016-7655",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7655"
},
{
"name": "CVE-2016-7594",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7594"
},
{
"name": "CVE-2016-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7598"
},
{
"name": "CVE-2016-7622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7622"
},
{
"name": "CVE-2016-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7656"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-7617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7617"
},
{
"name": "CVE-2016-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7619"
},
{
"name": "CVE-2016-7600",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7600"
},
{
"name": "CVE-2016-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5421"
},
{
"name": "CVE-2016-7603",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7603"
},
{
"name": "CVE-2016-7618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7618"
},
{
"name": "CVE-2016-7413",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7413"
},
{
"name": "CVE-2016-7628",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7628"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
}
],
"initial_release_date": "2016-12-14T00:00:00",
"last_revision_date": "2016-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-411",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207424 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207424"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207421 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207421"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207427 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207427"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207423 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207423"
}
]
}
CERTFR-2016-AVI-106
Vulnerability from certfr_avis - Published: 2016-03-22 - Updated: 2016-03-22
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | N/A | tvOS versions antérieures à 9.2 pour Apple TV (4ème génération) | ||
| Apple | N/A | OS X El Capitan 10.11.x versions antérieures à 10.11.4 | ||
| Apple | N/A | iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents | ||
| Apple | N/A | watchOS versions antérieures à 2.2 | ||
| Apple | N/A | OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures | ||
| Apple | N/A | Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures | ||
| Apple | N/A | OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | Safari | Safari versions antérieures à 9.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 9.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
},
{
"name": "CVE-2016-1781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
},
{
"name": "CVE-2016-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
},
{
"name": "CVE-2016-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
},
{
"name": "CVE-2016-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
},
{
"name": "CVE-2016-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
},
{
"name": "CVE-2016-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
},
{
"name": "CVE-2016-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
},
{
"name": "CVE-2016-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
},
{
"name": "CVE-2016-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
},
{
"name": "CVE-2016-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
},
{
"name": "CVE-2016-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
},
{
"name": "CVE-2016-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
},
{
"name": "CVE-2016-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-1727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2015-3184",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
},
{
"name": "CVE-2015-1819",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
},
{
"name": "CVE-2016-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
},
{
"name": "CVE-2016-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
},
{
"name": "CVE-2016-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
},
{
"name": "CVE-2016-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
},
{
"name": "CVE-2016-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
},
{
"name": "CVE-2015-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
},
{
"name": "CVE-2016-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
},
{
"name": "CVE-2016-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2016-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
},
{
"name": "CVE-2009-2197",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
},
{
"name": "CVE-2016-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
},
{
"name": "CVE-2016-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
},
{
"name": "CVE-2016-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
},
{
"name": "CVE-2016-1723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
},
{
"name": "CVE-2016-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
},
{
"name": "CVE-2016-1756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
},
{
"name": "CVE-2016-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
},
{
"name": "CVE-2016-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
},
{
"name": "CVE-2014-9495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
},
{
"name": "CVE-2015-8126",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
},
{
"name": "CVE-2016-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
},
{
"name": "CVE-2016-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2016-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
},
{
"name": "CVE-2016-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
},
{
"name": "CVE-2016-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
},
{
"name": "CVE-2016-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
},
{
"name": "CVE-2016-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
},
{
"name": "CVE-2016-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
},
{
"name": "CVE-2016-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-8659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
},
{
"name": "CVE-2016-1770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
},
{
"name": "CVE-2016-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
},
{
"name": "CVE-2016-1732",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
},
{
"name": "CVE-2016-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
},
{
"name": "CVE-2016-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
},
{
"name": "CVE-2016-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
},
{
"name": "CVE-2016-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
},
{
"name": "CVE-2016-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
},
{
"name": "CVE-2016-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
},
{
"name": "CVE-2015-5334",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
},
{
"name": "CVE-2016-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
},
{
"name": "CVE-2015-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
},
{
"name": "CVE-2016-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
},
{
"name": "CVE-2016-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
},
{
"name": "CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"name": "CVE-2016-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
},
{
"name": "CVE-2016-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
},
{
"name": "CVE-2016-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
},
{
"name": "CVE-2015-8472",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
},
{
"name": "CVE-2016-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
},
{
"name": "CVE-2016-1726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
},
{
"name": "CVE-2016-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2016-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
}
],
"initial_release_date": "2016-03-22T00:00:00",
"last_revision_date": "2016-03-22T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206171"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206166"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206172"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206167"
}
]
}
CERTFR-2018-AVI-443
Vulnerability from certfr_avis - Published: 2018-09-18 - Updated: 2018-09-19
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Support pour iOS versions ant\u00e9rieures \u00e0 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4322"
},
{
"name": "CVE-2018-4363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4363"
},
{
"name": "CVE-2018-4325",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4325"
},
{
"name": "CVE-2018-4329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4329"
},
{
"name": "CVE-2018-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4352"
},
{
"name": "CVE-2018-4195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4195"
},
{
"name": "CVE-2018-4307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4307"
},
{
"name": "CVE-2018-4313",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4313"
},
{
"name": "CVE-2018-4397",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4397"
},
{
"name": "CVE-2018-4357",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4357"
},
{
"name": "CVE-2018-4305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4305"
},
{
"name": "CVE-2018-4335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4335"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2018-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4330"
},
{
"name": "CVE-2018-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5383"
},
{
"name": "CVE-2018-4338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4338"
},
{
"name": "CVE-2018-4362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4362"
},
{
"name": "CVE-2018-4356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4356"
}
],
"initial_release_date": "2018-09-18T00:00:00",
"last_revision_date": "2018-09-19T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-443",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-18T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"revision_date": "2018-09-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209117 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209117"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209108 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209135 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209106 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209106"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209109 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209109"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209107 du 17 septembre 2018",
"url": "https://support.apple.com/en-us/HT209107"
}
]
}
FKIE_CVE-2016-1777
Vulnerability from fkie_nvd - Published: 2016-03-24 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B549527C-F0D8-49B7-846A-822381DBA317",
"versionEndIncluding": "5.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
},
{
"lang": "es",
"value": "Web Server en Apple OS X Server en versiones anteriores a 5.1 soporta el algoritmo RC4, lo que facilita a atacantes remotos vencer los mecanismos de protecci\u00f3n criptogr\u00e1fica a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1777",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-24T01:59:44.780",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206173"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2016-01889
Vulnerability from cnvd - Published: 2016-03-28
VLAI Severity ?
Title
Apple OS X Server Web Server未授权操作漏洞
Description
Apple OS X Server是美国苹果(Apple)公司的一套基于Unix的服务器操作软件。该软件可实现文件共享、会议安排、网站托管、网络远程访问等。Web Server是其中的一个Web服务器。
Apple OS X Server 5.1之前版本的Web Server中存在安全漏洞,该漏洞源于程序支持RC4算法。远程攻击者可利用该漏洞破坏机密保护机制。
Severity
中
Patch Name
Apple OS X Server Web Server未授权操作漏洞的补丁
Patch Description
Apple OS X Server是美国苹果(Apple)公司的一套基于Unix的服务器操作软件。该软件可实现文件共享、会议安排、网站托管、网络远程访问等。Web Server是其中的一个Web服务器。
Apple OS X Server 5.1之前版本的Web Server中存在安全漏洞,该漏洞源于程序支持RC4算法。远程攻击者可利用该漏洞破坏机密保护机制。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://support.apple.com/HT206173
Reference
http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html
Impacted products
| Name | Apple OS X Server <5.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-1777"
}
},
"description": "Apple OS X Server\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eUnix\u7684\u670d\u52a1\u5668\u64cd\u4f5c\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u5b9e\u73b0\u6587\u4ef6\u5171\u4eab\u3001\u4f1a\u8bae\u5b89\u6392\u3001\u7f51\u7ad9\u6258\u7ba1\u3001\u7f51\u7edc\u8fdc\u7a0b\u8bbf\u95ee\u7b49\u3002Web Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aWeb\u670d\u52a1\u5668\u3002\r\n\r\nApple OS X Server 5.1\u4e4b\u524d\u7248\u672c\u7684Web Server\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u652f\u6301RC4\u7b97\u6cd5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u673a\u5bc6\u4fdd\u62a4\u673a\u5236\u3002",
"discovererName": "Apple",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/HT206173",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-01889",
"openTime": "2016-03-28",
"patchDescription": "Apple OS X Server\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eUnix\u7684\u670d\u52a1\u5668\u64cd\u4f5c\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u5b9e\u73b0\u6587\u4ef6\u5171\u4eab\u3001\u4f1a\u8bae\u5b89\u6392\u3001\u7f51\u7ad9\u6258\u7ba1\u3001\u7f51\u7edc\u8fdc\u7a0b\u8bbf\u95ee\u7b49\u3002Web Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aWeb\u670d\u52a1\u5668\u3002\r\n\r\nApple OS X Server 5.1\u4e4b\u524d\u7248\u672c\u7684Web Server\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u652f\u6301RC4\u7b97\u6cd5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u673a\u5bc6\u4fdd\u62a4\u673a\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple OS X Server Web Server\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple OS X Server \u003c5.1"
},
"referenceLink": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html",
"serverity": "\u4e2d",
"submitTime": "2016-03-25",
"title": "Apple OS X Server Web Server\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e"
}
GHSA-XCWP-4R9F-392X
Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2022-05-17 03:21
VLAI?
Details
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2016-1777"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-03-24T01:59:00Z",
"severity": "HIGH"
},
"details": "Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.",
"id": "GHSA-xcwp-4r9f-392x",
"modified": "2022-05-17T03:21:05Z",
"published": "2022-05-17T03:21:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1777"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206173"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035342"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…