admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-76xx/CVE-2016-7643.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

163 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2016-7643",
"sourceIdentifier": "product-security@apple.com",
"published": "2017-02-20T08:59:03.557",
"lastModified": "2018-10-30T16:27:24.170",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 est\u00e1 afectado. macOS en versiones anteriores a 10.12.2 est\u00e1 afectado. watchOS en versiones anteriores a 3.1.3 est\u00e1 afectado. El problema involucra al componente \"ImageIO\". Esto permite a atacantes remotos obtener informaci\u00f3n sensible de los procesos de memoria o provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un sito web manipulado."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.1.1",
"matchCriteriaId": "904491D9-AAB8-4754-901C-F5D261BEAC17"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.12.1",
"matchCriteriaId": "1ACD43C5-75C1-4489-8617-77DFB9C23D10"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.2.2",
"matchCriteriaId": "17036F83-6506-40D0-B0B5-43206EF575F0"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/94905",
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1037469",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/HT207422",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/HT207423",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/HT207487",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink