Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-6309
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:29:18.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2016-20" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "name": "1036885", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036885" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2016-16" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=acacbfa7565c78d2273c0b2a2e5e803f44afefeb" }, { "name": "93177", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93177" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-11T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2016-20" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "name": "1036885", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036885" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2016-16" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=acacbfa7565c78d2273c0b2a2e5e803f44afefeb" }, { "name": "93177", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93177" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6309", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/tns-2016-20", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2016-20" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "https://www.openssl.org/news/secadv/20160926.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "name": "1036885", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036885" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "https://www.tenable.com/security/tns-2016-16", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2016-16" }, { "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb", "refsource": "CONFIRM", "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb" }, { "name": "93177", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93177" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "name": "https://bto.bluecoat.com/security-advisory/sa132", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-6309", "datePublished": "2016-09-26T19:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:18.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-6309\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-09-26T19:59:06.393\",\"lastModified\":\"2024-11-21T02:55:52.610\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.\"},{\"lang\":\"es\",\"value\":\"statem/statem.c en OpenSSL 1.1.0a no considera el movimiento de bloque de memoria despu\u00e9s de una llamada realloc, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n de memoria) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una sesi\u00f3n TLS manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6\"}]}]}],\"references\":[{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21995039\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/93177\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1036885\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa132\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=acacbfa7565c78d2273c0b2a2e5e803f44afefeb\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.openssl.org/news/secadv/20160926.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-16\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.tenable.com/security/tns-2016-20\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21995039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/93177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=acacbfa7565c78d2273c0b2a2e5e803f44afefeb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssl.org/news/secadv/20160926.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2016-20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
gsd-2016-6309
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2016-6309", "description": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.", "id": "GSD-2016-6309", "references": [ "https://www.suse.com/security/cve/CVE-2016-6309.html", "https://advisories.mageia.org/CVE-2016-6309.html", "https://security.archlinux.org/CVE-2016-6309" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2016-6309" ], "details": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.", "id": "GSD-2016-6309", "modified": "2023-12-13T01:21:23.098609Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6309", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/tns-2016-20", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2016-20" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "https://www.openssl.org/news/secadv/20160926.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "name": "1036885", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036885" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "https://www.tenable.com/security/tns-2016-16", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2016-16" }, { "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb", "refsource": "CONFIRM", "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb" }, { "name": "93177", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93177" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "name": "https://bto.bluecoat.com/security-advisory/sa132", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6309" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb", "refsource": "CONFIRM", "tags": [ "Issue Tracking" ], "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb" }, { "name": "https://www.openssl.org/news/secadv/20160926.txt", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "93177", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/93177" }, { "name": "https://bto.bluecoat.com/security-advisory/sa132", "refsource": "CONFIRM", "tags": [], "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", "refsource": "CONFIRM", "tags": [], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759" }, { "name": "https://www.tenable.com/security/tns-2016-16", "refsource": "CONFIRM", "tags": [], "url": "https://www.tenable.com/security/tns-2016-16" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "name": "1036885", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1036885" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "https://www.tenable.com/security/tns-2016-20", "refsource": "CONFIRM", "tags": [], "url": "https://www.tenable.com/security/tns-2016-20" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us", "refsource": "CONFIRM", "tags": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2018-07-12T01:29Z", "publishedDate": "2016-09-26T19:59Z" } } }
var-201609-0352
Vulnerability from variot
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. OpenSSL is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0352", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 2.4, "vendor": "openssl", "version": "1.1.0a" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.1.1" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud web security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "project openssl 1.1.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.1" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" } ], "sources": [ { "db": "BID", "id": "93177" }, { "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "db": "CNNVD", "id": "CNNVD-201609-598" }, { "db": "NVD", "id": "CVE-2016-6309" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:openssl:openssl", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004995" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-598" } ], "trust": 0.6 }, "cve": "CVE-2016-6309", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2016-6309", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-6309", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-6309", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2016-6309", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-201609-598", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2016-6309", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6309" }, { "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "db": "CNNVD", "id": "CNNVD-201609-598" }, { "db": "NVD", "id": "CVE-2016-6309" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. OpenSSL is prone to a remote code execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions", "sources": [ { "db": "NVD", "id": "CVE-2016-6309" }, { "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "db": "BID", "id": "93177" }, { "db": "VULMON", "id": "CVE-2016-6309" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-6309", "trust": 2.8 }, { "db": "BID", "id": "93177", "trust": 1.4 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.1 }, { "db": "SECTRACK", "id": "1036885", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU99474230", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004995", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201609-598", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-6309", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6309" }, { "db": "BID", "id": "93177" }, { "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "db": "CNNVD", "id": "CNNVD-201609-598" }, { "db": "NVD", "id": "CVE-2016-6309" } ] }, "id": "VAR-201609-0352", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.395923525 }, "last_update_date": "2024-11-23T20:29:56.597000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl" }, { "title": "OpenSSL 1.1.0 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.1.0-notes.html" }, { "title": "Fix Use After Free for large message sizes", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb" }, { "title": "Fix Use After Free for large message sizes (CVE-2016-6309)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "OpenSSL Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64376" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/09/26/openssl_patches_last_weeks_patch/" }, { "title": "Red Hat: CVE-2016-6309", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-6309" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2016-6309" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2016-20" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "SEEKER_dataset", "trust": 0.1, "url": "https://github.com/SF4bin/SEEKER_dataset " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/khadas/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/crdroid-r/external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/yaap/external_honggfuzz " }, { "title": "articles", "trust": 0.1, "url": "https://github.com/xinali/articles " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/DennissimOS/platform_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/r3p3r/nixawk-honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/aosp-caf-upstream/platform_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/TinkerBoard-Android/rockchip-android-external-honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/jingpad-bsp/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/TinkerEdgeR-Android/external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/random-aosp-stuff/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/bananadroid/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/Wave-Project/external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/imbaya2466/honggfuzz_READ " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/TheXPerienceProject/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/ForkLineageOS/external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/StatiXOS/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/aosp10-public/external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/crdroidandroid/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/TinkerBoard2-Android/external-honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/Corvus-R/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/CAF-Extended/external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/ProtonAOSP/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/ProtonAOSP-platina/android_external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/HavocR/external_honggfuzz " }, { "title": "honggfuzz", "trust": 0.1, "url": "https://github.com/Tomoms/android_external_honggfuzz " }, { "title": "Honggfuzz", "trust": 0.1, "url": "https://github.com/ep-infosec/50_google_honggfuzz " }, { "title": "Honggfuzz", "trust": 0.1, "url": "https://github.com/lllnx/lllnx " }, { "title": "Honggfuzz", "trust": 0.1, "url": "https://github.com/google/honggfuzz " }, { "title": "OpenSSL-CVE-lib", "trust": 0.1, "url": "https://github.com/chnzzh/OpenSSL-CVE-lib " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6309" }, { "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "db": "CNNVD", "id": "CNNVD-201609-598" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "db": "NVD", "id": "CVE-2016-6309" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.4, "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/93177" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036885" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=acacbfa7565c78d2273c0b2a2e5e803f44afefeb" }, { "trust": 0.9, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6309" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99474230/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6309" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49041" }, { "trust": 0.1, "url": "https://github.com/xinali/articles" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6309" }, { "db": "BID", "id": "93177" }, { "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "db": "CNNVD", "id": "CNNVD-201609-598" }, { "db": "NVD", "id": "CVE-2016-6309" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-6309" }, { "db": "BID", "id": "93177" }, { "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "db": "CNNVD", "id": "CNNVD-201609-598" }, { "db": "NVD", "id": "CVE-2016-6309" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-26T00:00:00", "db": "VULMON", "id": "CVE-2016-6309" }, { "date": "2016-09-26T00:00:00", "db": "BID", "id": "93177" }, { "date": "2016-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "date": "2016-09-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-598" }, { "date": "2016-09-26T19:59:06.393000", "db": "NVD", "id": "CVE-2016-6309" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-6309" }, { "date": "2017-05-02T00:06:00", "db": "BID", "id": "93177" }, { "date": "2016-12-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004995" }, { "date": "2019-02-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-598" }, { "date": "2024-11-21T02:55:52.610000", "db": "NVD", "id": "CVE-2016-6309" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-598" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of statem/statem.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004995" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-598" } ], "trust": 0.6 } }
wid-sec-w-2024-1277
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "kritisch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1277 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-1277.json" }, { "category": "self", "summary": "WID-SEC-2024-1277 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1277" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2017 - Oracle Fusion Middleware vom 2017-04-18", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixFMW" }, { "category": "external", "summary": "CISA Known Exploited Vulnerabilities Catalog vom 2024-06-03", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "source_lang": "en-US", "title": "Oracle Fusion Middleware: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-11-11T23:00:00.000+00:00", "generator": { "date": "2024-11-12T10:06:32.931+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-1277", "initial_release_date": "2017-04-18T22:00:00.000+00:00", "revision_history": [ { "date": "2017-04-18T22:00:00.000+00:00", "number": "1", "summary": "Initial Release" }, { "date": "2017-04-18T22:00:00.000+00:00", "number": "2", "summary": "n" }, { "date": "2017-04-18T22:00:00.000+00:00", "number": "3", "summary": "Version nicht vorhanden" }, { "date": "2024-06-03T22:00:00.000+00:00", "number": "4", "summary": "Aktive Ausnutzung gemeldet" }, { "date": "2024-11-11T23:00:00.000+00:00", "number": "5", "summary": "Korrektur" } ], "status": "final", "version": "5" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Fusion Middleware", "product": { "name": "Oracle Fusion Middleware", "product_id": "T006198", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:-" } } }, { "category": "product_name", "name": "Oracle WebCenter Sites", "product": { "name": "Oracle WebCenter Sites", "product_id": "T009734", "product_identification_helper": { "cpe": "cpe:/a:oracle:webcenter_sites:-" } } } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-1007", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2012-1007" }, { "cve": "CVE-2014-0114", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2014-0114" }, { "cve": "CVE-2015-5351", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2015-5351" }, { "cve": "CVE-2015-7501", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2015-7501" }, { "cve": "CVE-2016-0706", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-0706" }, { "cve": "CVE-2016-0714", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-0714" }, { "cve": "CVE-2016-0763", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-0763" }, { "cve": "CVE-2016-1181", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-1181" }, { "cve": "CVE-2016-1182", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-1182" }, { "cve": "CVE-2016-2177", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-2177" }, { "cve": "CVE-2016-2178", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-2178" }, { "cve": "CVE-2016-2179", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-2179" }, { "cve": "CVE-2016-2180", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-2180" }, { "cve": "CVE-2016-2181", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-2181" }, { "cve": "CVE-2016-2182", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-2182" }, { "cve": "CVE-2016-2183", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-2183" }, { "cve": "CVE-2016-6302", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-6302" }, { "cve": "CVE-2016-6303", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-6303" }, { "cve": "CVE-2016-6304", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-6304" }, { "cve": "CVE-2016-6305", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-6305" }, { "cve": "CVE-2016-6306", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-6306" }, { "cve": "CVE-2016-6307", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-6307" }, { "cve": "CVE-2016-6308", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-6308" }, { "cve": "CVE-2016-6309", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-6309" }, { "cve": "CVE-2016-7052", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2016-7052" }, { "cve": "CVE-2017-3230", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3230" }, { "cve": "CVE-2017-3499", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3499" }, { "cve": "CVE-2017-3506", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3506" }, { "cve": "CVE-2017-3507", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3507" }, { "cve": "CVE-2017-3531", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3531" }, { "cve": "CVE-2017-3540", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3540" }, { "cve": "CVE-2017-3541", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3541" }, { "cve": "CVE-2017-3542", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3542" }, { "cve": "CVE-2017-3543", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3543" }, { "cve": "CVE-2017-3545", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3545" }, { "cve": "CVE-2017-3553", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3553" }, { "cve": "CVE-2017-3554", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3554" }, { "cve": "CVE-2017-3591", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3591" }, { "cve": "CVE-2017-3593", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3593" }, { "cve": "CVE-2017-3594", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3594" }, { "cve": "CVE-2017-3595", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3595" }, { "cve": "CVE-2017-3596", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3596" }, { "cve": "CVE-2017-3597", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3597" }, { "cve": "CVE-2017-3598", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3598" }, { "cve": "CVE-2017-3601", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3601" }, { "cve": "CVE-2017-3602", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3602" }, { "cve": "CVE-2017-3603", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3603" }, { "cve": "CVE-2017-3625", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3625" }, { "cve": "CVE-2017-3626", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-3626" }, { "cve": "CVE-2017-5638", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T009734", "T006198" ] }, "release_date": "2017-04-18T22:00:00.000+00:00", "title": "CVE-2017-5638" } ] }
ghsa-5qvw-r534-xcm4
Vulnerability from github
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
{ "affected": [], "aliases": [ "CVE-2016-6309" ], "database_specific": { "cwe_ids": [ "CWE-416" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2016-09-26T19:59:00Z", "severity": "CRITICAL" }, "details": "statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.", "id": "GHSA-5qvw-r534-xcm4", "modified": "2022-05-14T03:14:44Z", "published": "2022-05-14T03:14:44Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6309" }, { "type": "WEB", "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "type": "WEB", "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb" }, { "type": "WEB", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2016-16" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2016-20" }, { "type": "WEB", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759" }, { "type": "WEB", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/93177" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1036885" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.