CVE-2016-1841
published 2016-05-20

Priority: P3, 43, high, 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.36% (81.6th percentile)

libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Affected

15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | | |
| apple | iphone_os | < 9.3.2 | 9.3.2 |
| apple | mac_os_x | < 10.11.5 | 10.11.5 |
| apple | os_x_el_capitan_v10.11.5_and_security_update_2016-003 | | |
| apple | tvos | < 9.2.1 | 9.2.1 |
| apple | tvos | | |
| apple | watchos | < 2.2.1 | 2.2.1 |
| apple | watchos | | |
| debian | libxslt | < libxslt 1.1.29-1 (bookworm) | libxslt 1.1.29-1 (bookworm) |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2ubuntu0.1 | 1.1.28-2ubuntu0.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1ubuntu0.1 | 1.1.28-2.1ubuntu0.1 |

CVSS provenance

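| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 5.0 | MEDIUM | |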