CVE-2016-4738

high
Description

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

References

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

http://www.debian.org/security/2016/dsa-3709

http://www.securityfocus.com/bid/93054

http://www.securitytracker.com/id/1036858

https://lists.fedoraproject.org/archives/list/[email protected]/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/

https://support.apple.com/HT207141

https://support.apple.com/HT207142

https://support.apple.com/HT207143

https://support.apple.com/HT207170

Details

Source: MITRE

Published: 2016-09-25

Updated: 2019-06-18

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 151326 | EulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2021-2080) | Nessus | Huawei Local Security Checks | high |
| 147590 | EulerOS Virtualization 3.0.2.6 : libxslt (EulerOS-SA-2021-1442) | Nessus | Huawei Local Security Checks | high |
| 147117 | EulerOS Virtualization 3.0.6.6 : libxslt (EulerOS-SA-2021-1496) | Nessus | Huawei Local Security Checks | high |
| 146663 | EulerOS 2.0 SP2 : libxslt (EulerOS-SA-2021-1324) | Nessus | Huawei Local Security Checks | high |
| 146123 | EulerOS 2.0 SP5 : libxslt (EulerOS-SA-2021-1211) | Nessus | Huawei Local Security Checks | high |
| 145183 | EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2021-1094) | Nessus | Huawei Local Security Checks | high |
| 126015 | Fedora 30 : mingw-libxslt (2019-320d5295fc) | Nessus | Fedora Local Security Checks | high |
| 108821 | GLSA-201804-01 : libxslt: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 103237 | FreeBSD : GitLab -- multiple vulnerabilities (6a177c87-9933-11e7-93f7-d43d7e971a1b) | Nessus | FreeBSD Local Security Checks | high |
| 100367 | openSUSE Security Update : libxslt (openSUSE-2017-609) | Nessus | SuSE Local Security Checks | high |
| 100243 | SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2017:1313-1) | Nessus | SuSE Local Security Checks | high |
| 100208 | SUSE SLES11 Security Update : libxslt (SUSE-SU-2017:1282-1) | Nessus | SuSE Local Security Checks | high |
| 99725 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : libxslt vulnerabilities (USN-3271-1) | Nessus | Ubuntu Local Security Checks | high |
| 94645 | Debian DSA-3709-1 : libxslt - security update | Nessus | Debian Local Security Checks | high |
| 94583 | Debian DLA-700-1 : libxslt security update | Nessus | Debian Local Security Checks | high |
| 9620 | Mac OS X 10.x < 10.12 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 9621 | Apple TV < 10.0 Multiple Vulnerabilities | Nessus Network Monitor | Internet Services | critical |
| 9619 | Apple iOS < 10.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical |
| 93776 | Apple TV < 10 Multiple Vulnerabilities | Nessus | Misc. | critical |
| 93685 | macOS < 10.12 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |