Vulnerabilites related to synology - dsm
CVE-2010-3684 (GCVE-0-2010-3684)
Vulnerability from cvelistv5
Published
2010-09-29 16:00
Modified
2024-08-07 03:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/513970/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3684",
"datePublished": "2010-09-29T16:00:00",
"dateReserved": "2010-09-29T00:00:00",
"dateUpdated": "2024-08-07T03:18:52.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2453 (GCVE-0-2010-2453)
Vulnerability from cvelistv5
Published
2010-09-29 16:00
Modified
2024-08-07 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/513970/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2453",
"datePublished": "2010-09-29T16:00:00",
"dateReserved": "2010-06-24T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-09-29 17:00
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synology | dsm | 2.2-0942 | |
| synology | dsm | 2.2-1041 | |
| synology | dsm | 2.2-1042 | |
| synology | dsm | 2.2-1045 | |
| synology | dsm | 2.3-1139 | |
| synology | dsm | 2.3-1141 | |
| synology | dsm | 2.3-1144 | |
| synology | dsm | 2.3-1157 | |
| synology | dsm | 2.3-1161 | |
| synology | dsm | 3.0-1334 | |
| synology | disk_station_ds1010\+ | * | |
| synology | disk_station_ds109 | * | |
| synology | disk_station_ds110\+ | * | |
| synology | disk_station_ds110j | * | |
| synology | disk_station_ds209 | * | |
| synology | disk_station_ds210\+ | * | |
| synology | disk_station_ds210j | * | |
| synology | disk_station_ds409slim | * | |
| synology | disk_station_ds410 | * | |
| synology | disk_station_ds410j | * | |
| synology | disk_station_ds411\+ | * | |
| synology | disk_station_ds710\+ | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*",
"matchCriteriaId": "850A03A9-978D-4A60-90B2-A037023A34C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*",
"matchCriteriaId": "121E0EE0-0673-42AB-B7E2-CD6729BE26F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB4A66B-FC2F-47A3-8480-695DE2D52979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*",
"matchCriteriaId": "F61AF3A3-09BD-4EE0-95A6-984CD8B1D71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*",
"matchCriteriaId": "7B20EE94-8F9F-45D1-97F1-C429D75E8666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC7BB6B-C5F5-42F1-B4B6-39B011C3515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*",
"matchCriteriaId": "F02F59B2-0224-4CF6-AF55-C2A7B0919955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AADE49-1663-48E9-BEE4-E4FF955FC7F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*",
"matchCriteriaId": "5D469DB1-81A7-4F57-833F-CC796C4391F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:3.0-1334:*:*:*:*:*:*:*",
"matchCriteriaId": "E14D8A0D-1621-4462-B683-8CB45AB24093",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:disk_station_ds1010\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B99359E4-8DFE-4995-9893-CCA6CEB4B8F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68BC068B-16C8-4B4F-9851-4B5293FAEF68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds110\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1166EF93-847B-4D97-BE07-A6DE16B5E2A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14FF9E89-018F-4726-BBA3-4ADD1E73F021",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3B3E5F-7F93-424C-842D-6D9A793972F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds210\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4719A127-3E49-4B74-AECB-023D17DB0528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F66242-CE8F-4569-97CF-63312CC2D358",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "294CBF5E-AB11-42A1-9466-B62224CE976F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF651B4-C186-40B5-8F76-9CD1983E919E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29EFF4D3-362B-40A2-8DEC-3BD20D2859F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds411\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC21A0D4-CB0F-4336-AF71-1DFE1DFDDE28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds710\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4D1826-8C3B-4789-A6AD-B5FCF9980936",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Synology Disk Station v2.x antes de DSM3.0-1337 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante la conexi\u00f3n al servidor FTP y proporciondo un comando (1) USER o (2) PASS manipulados, los cuales son escritos por el m\u00f3dulo de registro (log) del FTP a una ventana de registro de interfaz web, relacionadas con un problema de \"inyecci\u00f3n de comandos web\" ."
}
],
"id": "CVE-2010-2453",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-29T17:00:02.993",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-29 17:00
Modified
2025-04-11 00:51
Severity ?
Summary
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| synology | dsm | 2.2-0942 | |
| synology | dsm | 2.2-1041 | |
| synology | dsm | 2.2-1042 | |
| synology | dsm | 2.2-1045 | |
| synology | dsm | 2.3-1139 | |
| synology | dsm | 2.3-1141 | |
| synology | dsm | 2.3-1144 | |
| synology | dsm | 2.3-1157 | |
| synology | dsm | 2.3-1161 | |
| synology | disk_station_ds1010\+ | * | |
| synology | disk_station_ds109 | * | |
| synology | disk_station_ds110\+ | * | |
| synology | disk_station_ds110j | * | |
| synology | disk_station_ds209 | * | |
| synology | disk_station_ds210\+ | * | |
| synology | disk_station_ds210j | * | |
| synology | disk_station_ds409slim | * | |
| synology | disk_station_ds410 | * | |
| synology | disk_station_ds410j | * | |
| synology | disk_station_ds411\+ | * | |
| synology | disk_station_ds710\+ | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*",
"matchCriteriaId": "850A03A9-978D-4A60-90B2-A037023A34C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*",
"matchCriteriaId": "121E0EE0-0673-42AB-B7E2-CD6729BE26F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB4A66B-FC2F-47A3-8480-695DE2D52979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*",
"matchCriteriaId": "F61AF3A3-09BD-4EE0-95A6-984CD8B1D71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*",
"matchCriteriaId": "7B20EE94-8F9F-45D1-97F1-C429D75E8666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC7BB6B-C5F5-42F1-B4B6-39B011C3515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*",
"matchCriteriaId": "F02F59B2-0224-4CF6-AF55-C2A7B0919955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AADE49-1663-48E9-BEE4-E4FF955FC7F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*",
"matchCriteriaId": "5D469DB1-81A7-4F57-833F-CC796C4391F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:disk_station_ds1010\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B99359E4-8DFE-4995-9893-CCA6CEB4B8F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68BC068B-16C8-4B4F-9851-4B5293FAEF68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds110\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1166EF93-847B-4D97-BE07-A6DE16B5E2A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14FF9E89-018F-4726-BBA3-4ADD1E73F021",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3B3E5F-7F93-424C-842D-6D9A793972F9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds210\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4719A127-3E49-4B74-AECB-023D17DB0528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F66242-CE8F-4569-97CF-63312CC2D358",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "294CBF5E-AB11-42A1-9466-B62224CE976F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF651B4-C186-40B5-8F76-9CD1983E919E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29EFF4D3-362B-40A2-8DEC-3BD20D2859F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds411\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC21A0D4-CB0F-4336-AF71-1DFE1DFDDE28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:synology:disk_station_ds710\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4D1826-8C3B-4789-A6AD-B5FCF9980936",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453."
},
{
"lang": "es",
"value": "El m\u00f3dulo de autenticaci\u00f3n de FTP en Synology Disk Station v2.x registra las contrase\u00f1as de la interfaz de aplicaci\u00f3n web en los casos de intentos de conexi\u00f3n incorrecta, lo cual permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un registro, una vulnerabilidad diferente de CVE-2010-2453."
}
],
"id": "CVE-2010-3684",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-29T17:00:05.743",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201009-0275
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue. Synology DiskStation Manager is prone to multiple HTML-injection vulnerabilities because the device's web-based administration application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Synology DiskStation Manager 2.x is vulnerable; other versions may also be affected. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/
Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453
INTRODUCTION
Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology's goal is to deliver user-friendly storage solutions and solid customer service to satisfy the needs of businesses, home offices, individual users and families.
The disk station product provided by Synology as Network Attached Storage is vulnerable to multiple vulnerabilities including the possibility of remote command execution via CSRF (Cross Site Request Forging) through FTP login console. The FTP server is provided as a configurable service through web interface which provides backend access to manage the disks station. The problem occurs in the FTP logging mechanism together with the admin interface used to view those logs. The FTP console input in the form username and password gets logged in the web application interface.
This problem was confirmed in the following versions of Synology Disk Station, other versions may be also affected.
Synology Disk Station 2.x
Synology issued an update for this vulnerability in the release DSM3.0-1337.
CVSS Scoring System
The CVSS score is: 9.5 Base Score: 10 Temporal Score: 9.5 We used the following values to calculate the scores: Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C Temporal score is: E:F/RL:U/RC:C
DETAILS
There are four steps for exploitation, specified here together with the identified problem:
1. The attacker can inject malicious input from the FTP login console. As the authentication credentials are inappropriate the FTP authentication
module generates error and the requisite input is logged in to the web interface of the disk station.
2. Secondly the FTP logging module is not designed appropriately and the content comes from the FTP login console is directly placed into the log
window without verification of the Content-Type parameter. The content is allowed to be rendered as HTML, Script etc. An attacker can inject
malicious HTML tags, DOM calls, third part y scripts, CSRF calls that gets executed in the context of logged in account which is administering it.
3. Usually log mechanism is handled by the admin account. The chances of code execution and injection fulfillment are high within full privileges
as of administrator. So any code injected by the attacker becomes persistent in most of the cases and remain there for execution. Moreover CSRF
code with malicious calls can be executed without user interaction.
4. Attacker has to be well versed in directory structure of the disk station manager so that injections can be made according to that and further
operations can be performed. The FTP servers accept username string upto 80-100 characters which is good enough to craft injections to get the
things done The scripts can be inserted from local domain or LAN or third party source to inject arbitrary code.
C:\Users\Administrator>ftp example.com Connected to example.com. 220 Disk Station FTP server at DiskStation ready. User (example.com:(none)): "/>alert("Check Point VDT" 331 Password required for "/>alert("Check Point VDT" Password: 530 Login incorrect. Login failed. ftp> Invalid command. ftp> bye 421 Timeout (300 seconds): closing control connection.
In order to determine the size of the allowed input string, we can do:
C:\Users\Administrator>ftp example.com Connected to example.com. 220 Disk Station FTP server at DiskStation ready. User (example.com:(none)): AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -> Our input 331 Password required for AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA. -> The total lenght really used Password: 530 Login incorrect. Login failed. ftp> Invalid command. ftp> bye 421 Timeout (300 seconds): closing control connection.
CREDITS
This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT) and Aditya K. Sood from Secniche.
Best Regards,
Rodrigo.
-- Rodrigo Rubira Branco Senior Security Researcher Vulnerability Discovery Team (VDT) Check Point Software Technologies
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201009-0275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1161"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.2-1041"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.2-1042"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.0-1334"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.2-0942"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1157"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1144"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1139"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1141"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.2-1045"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.0-1337"
},
{
"model": "diskstation manager",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "2.x"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "2.x"
}
],
"sources": [
{
"db": "BID",
"id": "43542"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-279"
},
{
"db": "NVD",
"id": "CVE-2010-2453"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:diskstation_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rodrigo Rubira Branco, Check Point Vulnerability Discovery Team (VDT) and Aditya K. Sood, Secniche",
"sources": [
{
"db": "BID",
"id": "43542"
}
],
"trust": 0.3
},
"cve": "CVE-2010-2453",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-2453",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-45058",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2453",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-2453",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201009-279",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-45058",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45058"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-279"
},
{
"db": "NVD",
"id": "CVE-2010-2453"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue. Synology DiskStation Manager is prone to multiple HTML-injection vulnerabilities because the device\u0027s web-based administration application fails to properly sanitize user-supplied input before using it in dynamically generated content. \nAttacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. \nSynology DiskStation Manager 2.x is vulnerable; other versions may also be affected. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network. Check Point Software Technologies - Vulnerability Discovery Team (VDT)\nhttp://www.checkpoint.com/defense/\n\nWeb commands injection through FTP Login in Synology Disk Station\nCVE-2010-2453\n\n\nINTRODUCTION\n\nSynology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology\u0027s goal \nis to deliver user-friendly storage solutions and solid customer service to satisfy the needs of businesses, home offices, individual users and \nfamilies. \n\nThe disk station product provided by Synology as Network Attached Storage is vulnerable to multiple vulnerabilities including the possibility of \nremote command execution via CSRF (Cross Site Request Forging) through FTP login console. The FTP server is provided as a configurable service \nthrough web interface which provides backend access to manage the disks station. The problem occurs in the FTP logging mechanism together with the \nadmin interface used to view those logs. The FTP console input in the form username and password gets logged in the web application interface. \n\nThis problem was confirmed in the following versions of Synology Disk Station, other versions may be also affected. \n\nSynology Disk Station 2.x\n\nSynology issued an update for this vulnerability in the release DSM3.0-1337. \n\n\nCVSS Scoring System\n\nThe CVSS score is: 9.5\n\tBase Score: 10\n\tTemporal Score: 9.5\nWe used the following values to calculate the scores:\n\tBase score is: AV:N/AC:L/Au:N/C:C/I:C/A:C\n\tTemporal score is: E:F/RL:U/RC:C\n\n\nDETAILS\n\n\nThere are four steps for exploitation, specified here together with the identified problem:\n\n\t1. The attacker can inject malicious input from the FTP login console. As the authentication credentials are inappropriate the FTP authentication \n\tmodule generates error and the requisite input is logged in to the web interface of the disk station. \n\t2. Secondly the FTP logging module is not designed appropriately and the content comes from the FTP login console is directly placed into the log \n\twindow without verification of the Content-Type parameter. The content is allowed to be rendered as HTML, Script etc. An attacker can inject \n\tmalicious HTML tags, DOM calls, third part y scripts, CSRF calls that gets executed in the context of logged in account which is administering it. \n\t3. Usually log mechanism is handled by the admin account. The chances of code execution and injection fulfillment are high within full privileges \n\tas of administrator. So any code injected by the attacker becomes persistent in most of the cases and remain there for execution. Moreover CSRF \n\tcode with malicious calls can be executed without user interaction. \n\t4. Attacker has to be well versed in directory structure of the disk station manager so that injections can be made according to that and further \n\toperations can be performed. The FTP servers accept username string upto 80-100 characters which is good enough to craft injections to get the \n\tthings done The scripts can be inserted from local domain or LAN or third party source to inject arbitrary code. \n\nC:\\Users\\Administrator\u003eftp example.com\nConnected to example.com. \n220 Disk Station FTP server at DiskStation ready. \nUser (example.com:(none)): \"/\u003e\u003cscript\u003ealert(\"Check Point VDT\"\u003c/script\u003e\n331 Password required for \"/\u003e\u003cscript\u003ealert(\"Check Point VDT\"\u003c/script\u003e\nPassword:\n530 Login incorrect. \nLogin failed. \nftp\u003e Invalid command. \nftp\u003e bye\n421 Timeout (300 seconds): closing control connection. \n\nIn order to determine the size of the allowed input string, we can do:\n\nC:\\Users\\Administrator\u003eftp example.com\nConnected to example.com. \n220 Disk Station FTP server at DiskStation ready. \nUser (example.com:(none)): AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -\u003e Our input\n331 Password required for AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA. -\u003e The total lenght really used\nPassword:\n530 Login incorrect. \nLogin failed. \nftp\u003e Invalid command. \nftp\u003e bye\n421 Timeout (300 seconds): closing control connection. \n\n\n\nCREDITS\n\nThis vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT) and Aditya\nK. Sood from Secniche. \n\n\n\nBest Regards,\n \nRodrigo. \n \n--\nRodrigo Rubira Branco\nSenior Security Researcher\nVulnerability Discovery Team (VDT)\nCheck Point Software Technologies\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2453"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"db": "BID",
"id": "43542"
},
{
"db": "VULHUB",
"id": "VHN-45058"
},
{
"db": "PACKETSTORM",
"id": "94283"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-45058",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45058"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2453",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002952",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201009-279",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20100926 WEB COMMANDS INJECTION THROUGH FTP LOGIN IN SYNOLOGY DISK STATION - CVE-2010-2453",
"trust": 0.6
},
{
"db": "BID",
"id": "43542",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "94283",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-45058",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45058"
},
{
"db": "BID",
"id": "43542"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"db": "PACKETSTORM",
"id": "94283"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-279"
},
{
"db": "NVD",
"id": "CVE-2010-2453"
}
]
},
"id": "VAR-201009-0275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-45058"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:56:17.657000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.synology.com/index.php?lang=default"
},
{
"title": "synology_x86_1010+_1337",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=34456"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-279"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45058"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"db": "NVD",
"id": "CVE-2010-2453"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2453"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2453"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/513970/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.synology.com/enu/index.php"
},
{
"trust": 0.1,
"url": "http://www.checkpoint.com/defense/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2453"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45058"
},
{
"db": "BID",
"id": "43542"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"db": "PACKETSTORM",
"id": "94283"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-279"
},
{
"db": "NVD",
"id": "CVE-2010-2453"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-45058"
},
{
"db": "BID",
"id": "43542"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"db": "PACKETSTORM",
"id": "94283"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-279"
},
{
"db": "NVD",
"id": "CVE-2010-2453"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-45058"
},
{
"date": "2010-09-28T00:00:00",
"db": "BID",
"id": "43542"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"date": "2010-09-28T02:17:53",
"db": "PACKETSTORM",
"id": "94283"
},
{
"date": "2010-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-279"
},
{
"date": "2010-09-29T17:00:02.993000",
"db": "NVD",
"id": "CVE-2010-2453"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-45058"
},
{
"date": "2010-09-28T00:00:00",
"db": "BID",
"id": "43542"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002952"
},
{
"date": "2010-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-279"
},
{
"date": "2024-11-21T01:16:41.670000",
"db": "NVD",
"id": "CVE-2010-2453"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201009-279"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Disk Station Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002952"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201009-279"
}
],
"trust": 0.6
}
}
var-201808-0959
Vulnerability from variot
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained and information may be altered. Multiple Intel Processors are prone to a multiple information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. Intel Xeon Processor E3 v5 Family, etc. are the central processing unit (CPU) products of Intel Corporation of the United States. The following products are affected: Intel Xeon Processor E3 v5 Family; Intel Xeon Processor E3 v6 Family; 6th generation Intel Core processors; 7th generation Intel Core processors; 8th generation Intel Core processors. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] Slackware 14.2 kernel (SSA:2018-240-01)
New kernel packages are available for Slackware 14.2 to mitigate security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.153/: Upgraded. This kernel update enables mitigations for L1 Terminal Fault aka Foreshadow and Foreshadow-NG vulnerabilities. Thanks to Bernhard Kaindl for bisecting the boot issue that was preventing us from upgrading to earlier 4.4.x kernels that contained this fix. To see the status of CPU vulnerability mitigations on your system, look at the files in: /sys/devices/system/cpu/vulnerabilities Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3546 ( Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-smp-4.4.153_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153_smp-noarch-1.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153-noarch-1.txz
MD5 signatures: +-------------+
Slackware 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz cd110706f35e4496017f7270d393fcf9 kernel-generic-4.4.153-i586-1.txz 57b026fb409d15596b91963bfab973b5 kernel-generic-smp-4.4.153_smp-i686-1.txz d1f1a717bcdc85be8382628f0a38ae78 kernel-headers-4.4.153_smp-x86-1.txz 439fc6640ce50c1b061b60b6a7afffe9 kernel-huge-4.4.153-i586-1.txz b1683dd7d0a3f6898f5d8ffecca50c4a kernel-huge-smp-4.4.153_smp-i686-1.txz 5ac4445b7ac81c65e4fe8269fa8f7b23 kernel-modules-4.4.153-i586-1.txz 3f9a394283e7feff520b6bff6219d1de kernel-modules-smp-4.4.153_smp-i686-1.txz 4b8979e2226d66d957b33deacbf5fb26 kernel-source-4.4.153_smp-noarch-1.txz
Slackware x86_64 14.2 packages: b0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz 1109c106490e646cf687fbd1ac7211cd kernel-generic-4.4.153-x86_64-1.txz 8668e44ceb919d862e02c7eedfd2cf1d kernel-headers-4.4.153-x86-1.txz fe42dde9fd78ef32c4527e0a6fa60da0 kernel-huge-4.4.153-x86_64-1.txz 7a872f2bff05ebad6ec781f36bf0e392 kernel-modules-4.4.153-x86_64-1.txz 6403fd73910a3f1e1b9eed3ecb6de0e4 kernel-source-4.4.153-noarch-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg kernel-*.txz
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153-smp | bash
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153 | bash
Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.153-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.153 as the version.
If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.
If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader.
If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAluFyGYACgkQakRjwEAQIjN99wCbBHlVovtqYBjkObo2PP9WIIr7 eI8An0+88QDu5DNT6mF1CrHvAToR3o8G =SVgT -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0959",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "core i7",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "660ue"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "660lm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "620um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "640m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "620ue"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "640um"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "750"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "660um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "640lm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "680um"
},
{
"model": "xeon e3 1268l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6400"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "720qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7600u"
},
{
"model": "xeon e3 1240l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1501m v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8400"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6442eq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6585r"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8550u"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1515m_v5"
},
{
"model": "xeon e3 1240 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "740qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300hq"
},
{
"model": "xeon e3 1245 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8650u"
},
{
"model": "xeon e3 1270 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8100"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6098p"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7560u"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v5"
},
{
"model": "xeon e3 1220 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6006u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620m"
},
{
"model": "xeon e3 1225 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "750s"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1545m_v5"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y75"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6400t"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585_v5"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585l_v5"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6102e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "670"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820eq"
},
{
"model": "xeon e3 1505l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1240 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1558l_v5"
},
{
"model": "xeon e3 1505m v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6440eq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "661"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "840qm"
},
{
"model": "xeon e3 1501l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8700k"
},
{
"model": "xeon e3 1230 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1505m_v6"
},
{
"model": "xeon e3 1280 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6402p"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "610e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8350u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "650"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6685r"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620lm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700k"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "860"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6200u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "870"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6260u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "875k"
},
{
"model": "xeon e3 1235l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "680"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1578l_v5"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1565l_v5"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v6"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "880"
},
{
"model": "xeon e3 1260l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620le"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1575m_v5"
},
{
"model": "xeon e3 1220 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "760"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500te"
},
{
"model": "xeon e3 1505l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1285 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6267u"
},
{
"model": "xeon e3 1225 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700"
},
{
"model": "xeon e3 1280 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6167u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6350hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500t"
},
{
"model": "xeon e3 1245 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7567u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "860s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "870s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820hk"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6320"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6287u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700t"
},
{
"model": "xeon e3 1275 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100te"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7500u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100h"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "820qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6157u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8250u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7920hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6360u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8350k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "655k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100"
},
{
"model": "xeon e3 1270 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6440hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8700"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7660u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8600k"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "2.0"
},
{
"model": "proliant dl560 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "5.2"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.7"
},
{
"model": "proliant ml350e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant m710p server cartridge",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl170h g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl260a gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant ml330 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "x990"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "cloudline cl5800 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v40"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "18030"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.6"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1.6"
},
{
"model": "proliant ml150 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.5"
},
{
"model": "proliant xl170r gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant sl160z g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl560 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.5"
},
{
"model": "proliant xl190r gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.3"
},
{
"model": "proliant xl750f gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.4"
},
{
"model": "sgi uv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "20000"
},
{
"model": "xeon processor scalable family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "cloudline cl2100 g3 807s 12g 8sff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor d-2100",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant dl180 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v20"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.0"
},
{
"model": "virtualization host",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "proliant sl170z g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant m710 server cartridge",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl370 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "proliant dl180 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.2.2"
},
{
"model": "proliant dl360p gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant ml310e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v20"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.3"
},
{
"model": "proliant bl280c g6 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.3"
},
{
"model": "proliant ml370 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.3.1"
},
{
"model": "proliant bl460c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0.6"
},
{
"model": "proliant bl460c g6 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant thin micro tm200 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl620c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl4100 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.1"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.5"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "proliant ml350 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.6"
},
{
"model": "proliant dl120 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.5.3"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.2.3"
},
{
"model": "skynas",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "proliant dl160 gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "x2990"
},
{
"model": "proliant xl250a gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.0"
},
{
"model": "enterprise linux for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "647"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1.4"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "17090"
},
{
"model": "c880 m5 server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.0"
},
{
"model": "proliant ws460c gen9 workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0.5"
},
{
"model": "proliant dl120 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl2100 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl685c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.0"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7."
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.0.4"
},
{
"model": "2nd generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.1"
},
{
"model": "enterprise linux for real time",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "cloudline cl5200 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "56000"
},
{
"model": "proliant ml110 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "proliant bl490c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "fusion pro",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1.1"
},
{
"model": "proliant dl385 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "36000"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.0"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.11"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "55000"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v40"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.3.2"
},
{
"model": "fusion pro",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1.2"
},
{
"model": "synergy gen9 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4800"
},
{
"model": "proliant dl580 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.5"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.1"
},
{
"model": "synergy gen9 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6200"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1"
},
{
"model": "synergy gen10 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4800"
},
{
"model": "proliant dl160 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl3100 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant ml150 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "5th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "c880 m4 server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "apollo gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "42000"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.2"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.3"
},
{
"model": "proliant dl580 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "7th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "3rd generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.0.3"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.2"
},
{
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "cloudline cl2200 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.3.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.8"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2016"
},
{
"model": "sgi uv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3000"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.5"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "integrity superdome with bl920s gen9 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.7"
},
{
"model": "cloudline cl2100 g3 806r 8sff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.6"
},
{
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3.0"
},
{
"model": "operating system",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "proliant dl980 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "proliant sl210t gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "sgi uv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10000"
},
{
"model": "cloudline cl2100 g3 407s 12g 4lff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.0.2"
},
{
"model": "core i3 processor",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "6th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.5"
},
{
"model": "superdome flex server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "virtual machine manager",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v40"
},
{
"model": "proliant ml110 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.2"
},
{
"model": "proliant dl580 gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.1"
},
{
"model": "proliant ml30 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux for ibm system z",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "integrity mc990 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x0"
},
{
"model": "proliant ml110 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.10"
},
{
"model": "proliant bl490c g6 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl360 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant m710x server cartridge",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "virtualization els",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "proliant ml350 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl320 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "integrity superdome with bl920s gen8 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x0"
},
{
"model": "fusion pro",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.0"
},
{
"model": "proliant xl270d gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl660c gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "8th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant xl190r gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl450 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.5"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.1.4"
},
{
"model": "proliant bl680c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.6.1"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "4th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant dl180 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl450 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "proliant sl160s g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl170e g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl460c gen8 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "proliant dl380 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "system management mode",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.1"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "75000"
},
{
"model": "xenserver ltsr cu1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.1"
},
{
"model": "cloudline cl5200 g3 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4.1"
},
{
"model": "proliant dl360 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "rhev hypervisor for rhel-6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "proliant dl360 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.5"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.3.1"
},
{
"model": "proliant dl360 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v50"
},
{
"model": "virtualization els",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6"
},
{
"model": "proliant sl2x170z g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "management agent for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "70"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "proliant dl360e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "core i7 processor",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3.1"
},
{
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.0"
},
{
"model": "proliant bl2x220c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.4"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.4.1"
},
{
"model": "synergy gen9 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6600"
},
{
"model": "cloudline cl2200 g3 1211r lff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "120"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.9"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.2"
},
{
"model": "proliant ml350p gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "synergy gen10 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6600"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.2.0"
},
{
"model": "proliant bl460c gen10 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl320e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant ml110 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl420c gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4.0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.4"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.4"
},
{
"model": "proliant ml350 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant microserver gen8",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl580 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1"
},
{
"model": "xeon processor d-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "sgi uv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "30000"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.1"
},
{
"model": "proliant sl170s g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "ucs e-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v60"
},
{
"model": "proliant bl660c gen8 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "300h",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "core i5 processor",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant dl560 gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380p gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.1.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "windows rt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.3.0"
},
{
"model": "proliant xl270d gen9 accelerator tray 2u configure-to-order serv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.3.0"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.1"
},
{
"model": "proliant sl390s g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl230a gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant xl730f gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "virtual machine manager",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant bl460c gen9 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl60 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1.5"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.6.3"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "34000"
},
{
"model": "proliant dl120 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.1"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1.2"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "software guard extensions",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "synergy gen9 special compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6200"
},
{
"model": "proliant bl2x220c g6 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl740f gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl3100 g3 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl2100 g3 807s sff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "80"
},
{
"model": "proliant xl230k gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "cloudline cl2200 g3 12g 1211r 12lff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.1"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0.7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.2.1"
},
{
"model": "enterprise linux for power",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "97"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "cloudline cl3150 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.2"
},
{
"model": "proliant xl170r gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "core m processor family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.5.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.2"
},
{
"model": "proliant dl120 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "300rl",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl2100 g3 407s lff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "40"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "65000"
},
{
"model": "proliant dl80 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "proliant ml310e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl160 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl465c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-341"
},
{
"db": "NVD",
"id": "CVE-2018-3615"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:intel:core_i3",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:core_i5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:core_i7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:xeon_e3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006426"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "University of Michigan; Mark Silberstein, Technion; Thomas F.,Raoul Strackx, KU Leuven; Marina Minkin, University of Michigan; Baris Kasikci, and Frank Piessens of imec-DistriNet, Technion; Ofir Weisse, Jo Van Bulck, These vulnerabilities are publicly disclosed by the outside. , University of Michigan; Daniel Genkin",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-341"
}
],
"trust": 0.6
},
"cve": "CVE-2018-3615",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2018-3615",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-133646",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.1,
"id": "CVE-2018-3615",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3615",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-3615",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-341",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-133646",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-3615",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133646"
},
{
"db": "VULMON",
"id": "CVE-2018-3615"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-341"
},
{
"db": "NVD",
"id": "CVE-2018-3615"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained and information may be altered. Multiple Intel Processors are prone to a multiple information-disclosure vulnerabilities. \nLocal attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. Intel Xeon Processor E3 v5 Family, etc. are the central processing unit (CPU) products of Intel Corporation of the United States. The following products are affected: Intel Xeon Processor E3 v5 Family; Intel Xeon Processor E3 v6 Family; 6th generation Intel Core processors; 7th generation Intel Core processors; 8th generation Intel Core processors. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] Slackware 14.2 kernel (SSA:2018-240-01)\n\nNew kernel packages are available for Slackware 14.2 to mitigate\nsecurity issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/linux-4.4.153/*: Upgraded. \n This kernel update enables mitigations for L1 Terminal Fault aka\n Foreshadow and Foreshadow-NG vulnerabilities. \n Thanks to Bernhard Kaindl for bisecting the boot issue that was preventing\n us from upgrading to earlier 4.4.x kernels that contained this fix. \n To see the status of CPU vulnerability mitigations on your system, look at\n the files in: /sys/devices/system/cpu/vulnerabilities\n Be sure to upgrade your initrd after upgrading the kernel packages. \n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader. \n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3546\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-generic-smp-4.4.153_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-huge-smp-4.4.153_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-modules-smp-4.4.153_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-firmware-20180825_fea76a0-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-generic-4.4.153-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-headers-4.4.153-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-huge-4.4.153-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-modules-4.4.153-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.153/kernel-source-4.4.153-noarch-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\nb0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz\ncd110706f35e4496017f7270d393fcf9 kernel-generic-4.4.153-i586-1.txz\n57b026fb409d15596b91963bfab973b5 kernel-generic-smp-4.4.153_smp-i686-1.txz\nd1f1a717bcdc85be8382628f0a38ae78 kernel-headers-4.4.153_smp-x86-1.txz\n439fc6640ce50c1b061b60b6a7afffe9 kernel-huge-4.4.153-i586-1.txz\nb1683dd7d0a3f6898f5d8ffecca50c4a kernel-huge-smp-4.4.153_smp-i686-1.txz\n5ac4445b7ac81c65e4fe8269fa8f7b23 kernel-modules-4.4.153-i586-1.txz\n3f9a394283e7feff520b6bff6219d1de kernel-modules-smp-4.4.153_smp-i686-1.txz\n4b8979e2226d66d957b33deacbf5fb26 kernel-source-4.4.153_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\nb0a4ac8050eed122d407069db8704be2 kernel-firmware-20180825_fea76a0-noarch-1.txz\n1109c106490e646cf687fbd1ac7211cd kernel-generic-4.4.153-x86_64-1.txz\n8668e44ceb919d862e02c7eedfd2cf1d kernel-headers-4.4.153-x86-1.txz\nfe42dde9fd78ef32c4527e0a6fa60da0 kernel-huge-4.4.153-x86_64-1.txz\n7a872f2bff05ebad6ec781f36bf0e392 kernel-modules-4.4.153-x86_64-1.txz\n6403fd73910a3f1e1b9eed3ecb6de0e4 kernel-source-4.4.153-noarch-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg kernel-*.txz\n\nIf you are using an initrd, you\u0027ll need to rebuild it. \n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.153 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren\u0027t sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.153-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.153 as the version. \n\nIf you are using lilo or elilo to boot the machine, you\u0027ll need to ensure\nthat the machine is properly prepared before rebooting. \n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou\u0027ll need to run \"lilo\" as root to reinstall the boot loader. \n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAluFyGYACgkQakRjwEAQIjN99wCbBHlVovtqYBjkObo2PP9WIIr7\neI8An0+88QDu5DNT6mF1CrHvAToR3o8G\n=SVgT\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3615"
},
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "VULHUB",
"id": "VHN-133646"
},
{
"db": "VULMON",
"id": "CVE-2018-3615"
},
{
"db": "PACKETSTORM",
"id": "149137"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#982149",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2018-3615",
"trust": 3.0
},
{
"db": "BID",
"id": "105080",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-608355",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-254686",
"trust": 1.8
},
{
"db": "LENOVO",
"id": "LEN-24163",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1041451",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU97646030",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006426",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-341",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1899.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4343",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-133646",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-3615",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149137",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "VULHUB",
"id": "VHN-133646"
},
{
"db": "VULMON",
"id": "CVE-2018-3615"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"db": "PACKETSTORM",
"id": "149137"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-341"
},
{
"db": "NVD",
"id": "CVE-2018-3615"
}
]
},
"id": "VAR-201808-0959",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-133646"
}
],
"trust": 0.8258663754545454
},
"last_update_date": "2024-11-23T21:27:20.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "L1 Terminal Fault / CVE-2018-3615 , CVE-2018-3620 , CVE-2018-3646 / INTEL-SA-00161",
"trust": 0.8,
"url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
},
{
"title": "INTEL-SA-00161",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
},
{
"title": "JVNVU#97646030(CVE-2018-3615\u3001CVE-2018-3620\u3001CVE-2018-3646)",
"trust": 0.8,
"url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2018/cve-2018-3620.html"
},
{
"title": "Multiple Intel Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83873"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2018-3615"
},
{
"title": "Amazon Linux AMI: ALAS-2018-1058",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1058"
},
{
"title": "Cisco: CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180814-cpusidechannel"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f295531b3aa99d37dbc53693639947d9"
},
{
"title": "HP: HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03590"
},
{
"title": "Forcepoint Security Advisories: Meltdown and Spectre Vulnerability CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3640, CVE-2018-3639, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=459877525c31ac6029f4be4a6ea97e17"
},
{
"title": "Huawei Security Advisories: Security Advisory - CPU Side Channel Vulnerability \"L1TF\"",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=28eb43a14c12e8c070afa60d55f86b55"
},
{
"title": "Amazon Linux 2: ALAS2-2018-1058",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2018-1058"
},
{
"title": "Brocade Security Advisories: BSA-2018-687",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=5bee1c83d00a94900d0bca02ed8ee095"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=831545c255e00dbde24c93b2cf2135d6"
},
{
"title": "IBM: Potential Impact on Processors in the POWER Family",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cf9e1e42799edbda36ec7415288ad7f0"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=621cdbb127d953e0d9d06eff7dd10106"
},
{
"title": "Fortinet Security Advisories: Meltdown and Spectre class vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-18-002"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=92773fc334babf80585cb3245f0dc297"
},
{
"title": "cpu-report",
"trust": 0.1,
"url": "https://github.com/rosenbergj/cpu-report "
},
{
"title": "specter---meltdown--checker",
"trust": 0.1,
"url": "https://github.com/vurtne/specter---meltdown--checker "
},
{
"title": "TEApot",
"trust": 0.1,
"url": "https://github.com/Mashiro1995/TEApot "
},
{
"title": "spectre-meltdown-checker",
"trust": 0.1,
"url": "https://github.com/speed47/spectre-meltdown-checker "
},
{
"title": "cSpeculationControlFixes",
"trust": 0.1,
"url": "https://github.com/poshsecurity/cSpeculationControlFixes "
},
{
"title": "puppet-meltdown",
"trust": 0.1,
"url": "https://github.com/timidri/puppet-meltdown "
},
{
"title": "Linux-Tools",
"trust": 0.1,
"url": "https://github.com/minutesinch/Linux-Tools "
},
{
"title": "Hardware-and-Firmware-Security-Guidance",
"trust": 0.1,
"url": "https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance "
},
{
"title": "hardware-attacks-state-of-the-art",
"trust": 0.1,
"url": "https://github.com/codexlynx/hardware-attacks-state-of-the-art "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-new-intel-microcode-for-windows-10-server-2016/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/08/15/foreshadow_sgx_software_attestations_collateral_damage/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/08/14/intel_l1_terminal_fault_bugs/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3615"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-341"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133646"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"db": "NVD",
"id": "CVE-2018-3615"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
},
{
"trust": 3.0,
"url": "https://www.kb.cert.org/vuls/id/982149"
},
{
"trust": 2.6,
"url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
},
{
"trust": 2.6,
"url": "https://foreshadowattack.eu/"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/105080"
},
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180814-cpusidechannel"
},
{
"trust": 2.0,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03874en_us"
},
{
"trust": 1.8,
"url": "http://support.lenovo.com/us/en/solutions/len-24163"
},
{
"trust": 1.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0008"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
},
{
"trust": 1.8,
"url": "https://support.f5.com/csp/article/k35558453"
},
{
"trust": 1.8,
"url": "https://www.synology.com/support/security/synology_sa_18_45"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041451"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3615"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3615"
},
{
"trust": 0.8,
"url": "https://www.usenix.org/conference/usenixsecurity18/presentation/bulck"
},
{
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html"
},
{
"trust": 0.8,
"url": "https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97646030/index.html"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-18-002"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1899.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1899/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180815-01-cpu-cn"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/homepage.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180018"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585005"
},
{
"trust": 0.3,
"url": "http://xenbits.xenproject.org/xsa/advisory-289.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-3620"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-3646"
},
{
"trust": 0.3,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_45"
},
{
"trust": 0.3,
"url": "https://www.vmware.com/in/security/advisories/vmsa-2018-0020.html"
},
{
"trust": 0.3,
"url": "https://www.vmware.com/in/security/advisories/vmsa-2018-0021.html"
},
{
"trust": 0.3,
"url": "https://xenbits.xen.org/xsa/advisory-273.html"
},
{
"trust": 0.3,
"url": "http://xenbits.xenproject.org/xsa/advisory-289.txt"
},
{
"trust": 0.3,
"url": "https://support.citrix.com/article/ctx236548"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03874en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/203.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148320"
},
{
"trust": 0.1,
"url": "https://github.com/rosenbergj/cpu-report"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3546"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3546"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "VULHUB",
"id": "VHN-133646"
},
{
"db": "VULMON",
"id": "CVE-2018-3615"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"db": "PACKETSTORM",
"id": "149137"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-341"
},
{
"db": "NVD",
"id": "CVE-2018-3615"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "VULHUB",
"id": "VHN-133646"
},
{
"db": "VULMON",
"id": "CVE-2018-3615"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"db": "PACKETSTORM",
"id": "149137"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-341"
},
{
"db": "NVD",
"id": "CVE-2018-3615"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-15T00:00:00",
"db": "CERT/CC",
"id": "VU#982149"
},
{
"date": "2018-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-133646"
},
{
"date": "2018-08-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3615"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105080"
},
{
"date": "2018-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"date": "2018-08-29T15:08:33",
"db": "PACKETSTORM",
"id": "149137"
},
{
"date": "2018-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-341"
},
{
"date": "2018-08-14T19:29:00.670000",
"db": "NVD",
"id": "CVE-2018-3615"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#982149"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-133646"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3615"
},
{
"date": "2019-01-24T11:00:00",
"db": "BID",
"id": "105080"
},
{
"date": "2018-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006426"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-341"
},
{
"date": "2024-11-21T04:05:46.490000",
"db": "NVD",
"id": "CVE-2018-3615"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105080"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-341"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)",
"sources": [
{
"db": "CERT/CC",
"id": "VU#982149"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-341"
}
],
"trust": 0.6
}
}
var-201009-0246
Vulnerability from variot
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201009-0246",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1161"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.2-1041"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.2-1042"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.2-0942"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1157"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1144"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1139"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.3-1141"
},
{
"model": "dsm",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "2.2-1045"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "2.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-288"
},
{
"db": "NVD",
"id": "CVE-2010-3684"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:diskstation_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
}
]
},
"cve": "CVE-2010-3684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2010-3684",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-46289",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-3684",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2010-3684",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201009-288",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-46289",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2010-3684",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46289"
},
{
"db": "VULMON",
"id": "CVE-2010-3684"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-288"
},
{
"db": "NVD",
"id": "CVE-2010-3684"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3684"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"db": "VULHUB",
"id": "VHN-46289"
},
{
"db": "VULMON",
"id": "CVE-2010-3684"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-3684",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003198",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201009-288",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20100926 WEB COMMANDS INJECTION THROUGH FTP LOGIN IN SYNOLOGY DISK STATION - CVE-2010-2453",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-46289",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-3684",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46289"
},
{
"db": "VULMON",
"id": "CVE-2010-3684"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-288"
},
{
"db": "NVD",
"id": "CVE-2010-3684"
}
]
},
"id": "VAR-201009-0246",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-46289"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:56:17.692000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.synology.com/index.php?lang=default"
},
{
"title": "synology_x86_1010+_1337",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=34456"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-288"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46289"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"db": "NVD",
"id": "CVE-2010-3684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3684"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3684"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/513970/100/0/threaded"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46289"
},
{
"db": "VULMON",
"id": "CVE-2010-3684"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-288"
},
{
"db": "NVD",
"id": "CVE-2010-3684"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-46289"
},
{
"db": "VULMON",
"id": "CVE-2010-3684"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-288"
},
{
"db": "NVD",
"id": "CVE-2010-3684"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-46289"
},
{
"date": "2010-09-29T00:00:00",
"db": "VULMON",
"id": "CVE-2010-3684"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"date": "2010-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-288"
},
{
"date": "2010-09-29T17:00:05.743000",
"db": "NVD",
"id": "CVE-2010-3684"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-46289"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2010-3684"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003198"
},
{
"date": "2010-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-288"
},
{
"date": "2024-11-21T01:19:23.357000",
"db": "NVD",
"id": "CVE-2010-3684"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201009-288"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Disk Station of FTP Vulnerability in the acquisition of important information in the authentication module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003198"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201009-288"
}
],
"trust": 0.6
}
}
var-201712-0144
Vulnerability from variot
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Vendors have scripted this vulnerability It has been released as “Engine Memory Corruption Vulnerability”. This vulnerability CVE-2017-11886 , CVE-2017-11889 , CVE-2017-11890 , CVE-2017-11893 , CVE-2017-11894 , CVE-2017-11895 , CVE-2017-11901 , CVE-2017-11905 , CVE-2017-11907 , CVE-2017-11908 , CVE-2017-11909 , CVE-2017-11910 , CVE-2017-11911 , CVE-2017-11912 , CVE-2017-11913 , CVE-2017-11914 , CVE-2017-11916 , CVE-2017-11918 ,and CVE-2017-11930 Is a different vulnerability.An attacker could gain the same user rights as the current user. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in "wpad" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network "wpad" And "isatap" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In "wpad" And "isatap" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server Has been considered a problem But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker "wpad" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 9, 10 and 11 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "9"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "11"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "10"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adtran",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pi hole",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tippingpoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wpad",
"scope": "eq",
"trust": 0.3,
"vendor": "wpad",
"version": "0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "router manager",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "1.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.2"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "5.2"
},
{
"model": "total access 900/900e series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "sdx 810-rg",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "netvanta",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "60000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "6000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "5000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "4000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "3000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "10000"
},
{
"model": "aos r13.2.2",
"scope": null,
"trust": 0.3,
"vendor": "adtran",
"version": null
},
{
"model": "434rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "424rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "414rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "router manager",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "1.1.7-6941-2"
},
{
"model": "dsm",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "6.2.1-23824"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-392"
},
{
"db": "NVD",
"id": "CVE-2017-11903"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11903"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ossi Salmi, Mika Seppanen, Marko Laakso and Kasper Kyllonen of Arctic Security",
"sources": [
{
"db": "BID",
"id": "105298"
}
],
"trust": 0.3
},
"cve": "CVE-2017-11903",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-11903",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11903",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11903",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-392",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-392"
},
{
"db": "NVD",
"id": "CVE-2017-11903"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Vendors have scripted this vulnerability It has been released as \u201cEngine Memory Corruption Vulnerability\u201d. This vulnerability CVE-2017-11886 , CVE-2017-11889 , CVE-2017-11890 , CVE-2017-11893 , CVE-2017-11894 , CVE-2017-11895 , CVE-2017-11901 , CVE-2017-11905 , CVE-2017-11907 , CVE-2017-11908 , CVE-2017-11909 , CVE-2017-11910 , CVE-2017-11911 , CVE-2017-11912 , CVE-2017-11913 , CVE-2017-11914 , CVE-2017-11916 , CVE-2017-11918 ,and CVE-2017-11930 Is a different vulnerability.An attacker could gain the same user rights as the current user. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in \"wpad\" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network \"wpad\" And \"isatap\" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In \"wpad\" And \"isatap\" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server \u003ca href=\"https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html\"target=\"blank\"\u003e Has been considered a problem \u003c/a\u003e But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker \"wpad\" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. \nAttackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. \nInternet Explorer 9, 10 and 11 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11903"
},
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102047"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11903",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "43367",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#598349",
"trust": 1.9
},
{
"db": "BID",
"id": "102047",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1039991",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011110",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99302544",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-392",
"trust": 0.6
},
{
"db": "BID",
"id": "105298",
"trust": 0.3
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-392"
},
{
"db": "NVD",
"id": "CVE-2017-11903"
}
]
},
"id": "VAR-201712-0144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2022-05-04T08:39:09.657000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11903 | Scripting Engine Memory Corruption Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11903"
},
{
"title": "CVE-2017-11903 | \u30b9\u30af\u30ea\u30d7\u30c8 \u30a8\u30f3\u30b8\u30f3\u306e\u30e1\u30e2\u30ea\u7834\u640d\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-11903"
},
{
"title": "Microsoft Windows Internet Explorer scripting Repair measures for engine security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77102"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-392"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"db": "NVD",
"id": "CVE-2017-11903"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.exploit-db.com/exploits/43367/"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11903"
},
{
"trust": 1.6,
"url": "https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/102047"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039991"
},
{
"trust": 1.1,
"url": "https://supportforums.adtran.com/docs/doc-9269"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/598349"
},
{
"trust": 0.8,
"url": "https://community.ubnt.com/t5/unifi-updates-blog/usg-firmware-v4-4-28-now-available/ba-p/2482349"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11903"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171213-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170048.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11903"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99302544/"
},
{
"trust": 0.8,
"url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-019.html"
},
{
"trust": 0.3,
"url": "https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 0.3,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_53"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/ie/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-392"
},
{
"db": "NVD",
"id": "CVE-2017-11903"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-392"
},
{
"db": "NVD",
"id": "CVE-2017-11903"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2017-12-12T00:00:00",
"db": "BID",
"id": "102047"
},
{
"date": "2018-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"date": "2018-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2017-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-392"
},
{
"date": "2017-12-12T21:29:00",
"db": "NVD",
"id": "CVE-2017-11903"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-23T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2017-12-19T22:01:00",
"db": "BID",
"id": "102047"
},
{
"date": "2018-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011110"
},
{
"date": "2018-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2019-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-392"
},
{
"date": "2019-04-25T19:09:00",
"db": "NVD",
"id": "CVE-2017-11903"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102047"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Automatic DNS registration and proxy autodiscovery allow spoofing of network services",
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-392"
}
],
"trust": 0.6
}
}
var-201712-0147
Vulnerability from variot
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in "wpad" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network "wpad" And "isatap" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In "wpad" And "isatap" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server Has been considered a problem But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker "wpad" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. Vendors have scripted this vulnerability It has been released as “Engine Memory Corruption Vulnerability”. This vulnerability CVE-2017-11886 , CVE-2017-11889 , CVE-2017-11890 , CVE-2017-11893 , CVE-2017-11894 , CVE-2017-11895 , CVE-2017-11901 , CVE-2017-11903 , CVE-2017-11905 , CVE-2017-11908 , CVE-2017-11909 , CVE-2017-11910 , CVE-2017-11911 , CVE-2017-11912 , CVE-2017-11913 , CVE-2017-11914 , CVE-2017-11916 , CVE-2017-11918 , Oh CVE-2017-11930 Is a different vulnerability.An attacker could gain the same user rights as the current user. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 9, 10 and 11 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0147",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "9"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "11"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "10"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adtran",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pi hole",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tippingpoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wpad",
"scope": "eq",
"trust": 0.3,
"vendor": "wpad",
"version": "0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "router manager",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "1.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.2"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "5.2"
},
{
"model": "total access 900/900e series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "sdx 810-rg",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "netvanta",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "60000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "6000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "5000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "4000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "3000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "10000"
},
{
"model": "aos r13.2.2",
"scope": null,
"trust": 0.3,
"vendor": "adtran",
"version": null
},
{
"model": "434rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "424rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "414rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "router manager",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "1.1.7-6941-2"
},
{
"model": "dsm",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "6.2.1-23824"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102045"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-389"
},
{
"db": "NVD",
"id": "CVE-2017-11907"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11907"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ossi Salmi, Mika Seppanen, Marko Laakso and Kasper Kyllonen of Arctic Security",
"sources": [
{
"db": "BID",
"id": "105298"
}
],
"trust": 0.3
},
"cve": "CVE-2017-11907",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2017-11907",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11907",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11907",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-389",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-11907",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11907"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-389"
},
{
"db": "NVD",
"id": "CVE-2017-11907"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in \"wpad\" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network \"wpad\" And \"isatap\" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In \"wpad\" And \"isatap\" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server \u003ca href=\"https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html\"target=\"blank\"\u003e Has been considered a problem \u003c/a\u003e But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker \"wpad\" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. Vendors have scripted this vulnerability It has been released as \u201cEngine Memory Corruption Vulnerability\u201d. This vulnerability CVE-2017-11886 , CVE-2017-11889 , CVE-2017-11890 , CVE-2017-11893 , CVE-2017-11894 , CVE-2017-11895 , CVE-2017-11901 , CVE-2017-11903 , CVE-2017-11905 , CVE-2017-11908 , CVE-2017-11909 , CVE-2017-11910 , CVE-2017-11911 , CVE-2017-11912 , CVE-2017-11913 , CVE-2017-11914 , CVE-2017-11916 , CVE-2017-11918 , Oh CVE-2017-11930 Is a different vulnerability.An attacker could gain the same user rights as the current user. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. \nAttackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. \nInternet Explorer 9, 10 and 11 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11907"
},
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102045"
},
{
"db": "VULMON",
"id": "CVE-2017-11907"
}
],
"trust": 3.69
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43370",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11907"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11907",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#598349",
"trust": 2.0
},
{
"db": "BID",
"id": "102045",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039991",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "43370",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "43367",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99302544",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011111",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-389",
"trust": 0.6
},
{
"db": "BID",
"id": "105298",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2017-11907",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11907"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102045"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-389"
},
{
"db": "NVD",
"id": "CVE-2017-11907"
}
]
},
"id": "VAR-201712-0147",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2022-05-06T12:59:16.669000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11907 | Scripting Engine Memory Corruption Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11907"
},
{
"title": "CVE-2017-11907 | \u30b9\u30af\u30ea\u30d7\u30c8 \u30a8\u30f3\u30b8\u30f3\u306e\u30e1\u30e2\u30ea\u7834\u640d\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-11907"
},
{
"title": "Microsoft Windows Internet Explorer scripting Repair measures for engine security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77099"
},
{
"title": "CVE-2017-11907",
"trust": 0.1,
"url": "https://github.com/re4lity/cve-2017-11907 "
},
{
"title": "domato",
"trust": 0.1,
"url": "https://github.com/googleprojectzero/domato "
},
{
"title": "js-vuln-db",
"trust": 0.1,
"url": "https://github.com/tunz/js-vuln-db "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/microsoft-december-patch-tuesday-update-fixes-34-bugs/129154/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11907"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"db": "NVD",
"id": "CVE-2017-11907"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11907"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/43370/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/102045"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039991"
},
{
"trust": 1.6,
"url": "https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/598349"
},
{
"trust": 1.1,
"url": "https://supportforums.adtran.com/docs/doc-9269"
},
{
"trust": 0.8,
"url": "https://www.exploit-db.com/exploits/43367/"
},
{
"trust": 0.8,
"url": "https://community.ubnt.com/t5/unifi-updates-blog/usg-firmware-v4-4-28-now-available/ba-p/2482349"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99302544/"
},
{
"trust": 0.8,
"url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-019.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11907"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171213-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170048.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11907"
},
{
"trust": 0.3,
"url": "https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 0.3,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_53"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/ie/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/msft-cve-2017-11907"
},
{
"trust": 0.1,
"url": "https://github.com/re4lity/cve-2017-11907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11907"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102045"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-389"
},
{
"db": "NVD",
"id": "CVE-2017-11907"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11907"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102045"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-389"
},
{
"db": "NVD",
"id": "CVE-2017-11907"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2017-12-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-11907"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2017-12-12T00:00:00",
"db": "BID",
"id": "102045"
},
{
"date": "2018-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2018-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"date": "2017-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-389"
},
{
"date": "2017-12-12T21:29:00",
"db": "NVD",
"id": "CVE-2017-11907"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-23T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2019-04-25T00:00:00",
"db": "VULMON",
"id": "CVE-2017-11907"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2017-12-19T22:38:00",
"db": "BID",
"id": "102045"
},
{
"date": "2018-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2018-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011111"
},
{
"date": "2019-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-389"
},
{
"date": "2019-04-25T19:13:00",
"db": "NVD",
"id": "CVE-2017-11907"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Automatic DNS registration and proxy autodiscovery allow spoofing of network services",
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-389"
}
],
"trust": 0.6
}
}
var-201711-0179
Vulnerability from variot
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in "wpad" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network "wpad" And "isatap" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In "wpad" And "isatap" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server Has been considered a problem But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker "wpad" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. The vendor Internet Explorer Memory Corruption Vulnerability ". This vulnerability CVE-2017-11856 Is a different vulnerability.An attacker could gain the same user rights as the current user. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "11"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "9"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "10"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adtran",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pi hole",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tippingpoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wpad",
"scope": "eq",
"trust": 0.3,
"vendor": "wpad",
"version": "0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "router manager",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "1.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.2"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "5.2"
},
{
"model": "total access 900/900e series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "sdx 810-rg",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "netvanta",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "60000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "6000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "5000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "4000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "3000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "10000"
},
{
"model": "aos r13.2.2",
"scope": null,
"trust": 0.3,
"vendor": "adtran",
"version": null
},
{
"model": "434rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "424rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "414rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "router manager",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "1.1.7-6941-2"
},
{
"model": "dsm",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "6.2.1-23824"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "BID",
"id": "101751"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-568"
},
{
"db": "NVD",
"id": "CVE-2017-11855"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11855"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hui Gao of Palo Alto Networks",
"sources": [
{
"db": "BID",
"id": "101751"
}
],
"trust": 0.3
},
"cve": "CVE-2017-11855",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2017-11855",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11855",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11855",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-568",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-11855",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11855"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-568"
},
{
"db": "NVD",
"id": "CVE-2017-11855"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in \"wpad\" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network \"wpad\" And \"isatap\" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In \"wpad\" And \"isatap\" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server \u003ca href=\"https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html\"target=\"blank\"\u003e Has been considered a problem \u003c/a\u003e But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker \"wpad\" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. The vendor Internet Explorer Memory Corruption Vulnerability \". This vulnerability CVE-2017-11856 Is a different vulnerability.An attacker could gain the same user rights as the current user. \nAttackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11855"
},
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"db": "BID",
"id": "101751"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "VULMON",
"id": "CVE-2017-11855"
}
],
"trust": 3.69
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43371",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11855"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11855",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#598349",
"trust": 2.0
},
{
"db": "BID",
"id": "101751",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "43371",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "43367",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99302544",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010095",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-568",
"trust": 0.6
},
{
"db": "BID",
"id": "105298",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2017-11855",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11855"
},
{
"db": "BID",
"id": "101751"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-568"
},
{
"db": "NVD",
"id": "CVE-2017-11855"
}
]
},
"id": "VAR-201711-0179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2022-05-06T12:59:16.773000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11855 | Internet Explorer Memory Corruption Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11855"
},
{
"title": "CVE-2017-11855 | Internet Explorer Memory Corruption Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-11855"
},
{
"title": "Microsoft Windows Internet Explorer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76407"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/11/15/november_patch_tuesday/"
},
{
"title": "domato",
"trust": 0.1,
"url": "https://github.com/googleprojectzero/domato "
},
{
"title": "js-vuln-db",
"trust": 0.1,
"url": "https://github.com/tunz/js-vuln-db "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11855"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-568"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"db": "NVD",
"id": "CVE-2017-11855"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11855"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/43371/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101751"
},
{
"trust": 1.6,
"url": "https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/598349"
},
{
"trust": 1.1,
"url": "https://supportforums.adtran.com/docs/doc-9269"
},
{
"trust": 0.8,
"url": "https://www.exploit-db.com/exploits/43367/"
},
{
"trust": 0.8,
"url": "https://community.ubnt.com/t5/unifi-updates-blog/usg-firmware-v4-4-28-now-available/ba-p/2482349"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99302544/"
},
{
"trust": 0.8,
"url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-019.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11855"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170044.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11855"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/ie/"
},
{
"trust": 0.3,
"url": "https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 0.3,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_53"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55852"
},
{
"trust": 0.1,
"url": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11855"
},
{
"db": "BID",
"id": "101751"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-568"
},
{
"db": "NVD",
"id": "CVE-2017-11855"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11855"
},
{
"db": "BID",
"id": "101751"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-568"
},
{
"db": "NVD",
"id": "CVE-2017-11855"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2017-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2017-11855"
},
{
"date": "2017-11-14T00:00:00",
"db": "BID",
"id": "101751"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2018-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-568"
},
{
"date": "2017-11-15T03:29:00",
"db": "NVD",
"id": "CVE-2017-11855"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-23T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2019-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2017-11855"
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "101751"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2018-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010095"
},
{
"date": "2019-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-568"
},
{
"date": "2019-04-29T18:34:00",
"db": "NVD",
"id": "CVE-2017-11855"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "101751"
},
{
"db": "BID",
"id": "105298"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Automatic DNS registration and proxy autodiscovery allow spoofing of network services",
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-568"
}
],
"trust": 0.6
}
}
var-201710-0425
Vulnerability from variot
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in "wpad" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network "wpad" And "isatap" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In "wpad" And "isatap" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server Has been considered a problem But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker "wpad" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. Internet Explorer Contains a flaw in the memory of the script engine that could allow arbitrary code execution in the current user's context. The vendor Scripting Engine Memory Corruption Vulnerability ". This vulnerability CVE-2017-11792 , CVE-2017-11796 , CVE-2017-11798 , CVE-2017-11799 , CVE-2017-11800 , CVE-2017-11801 , CVE-2017-11802 , CVE-2017-11804 , CVE-2017-11805 , CVE-2017-11806 , CVE-2017-11807 , CVE-2017-11808 , CVE-2017-11809 , CVE-2017-11810 , CVE-2017-11811 , CVE-2017-11812 ,and CVE-2017-11821 Is a different vulnerability.An attacker could execute arbitrary code in the context of the current user. Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Failed attacks will cause denial of service conditions. Internet Explorer 9, 10 and 11 are vulnerable; other versions may also be affected. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0425",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "9"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "11"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "10"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adtran",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pi hole",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tippingpoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wpad",
"scope": "eq",
"trust": 0.3,
"vendor": "wpad",
"version": "0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "router manager",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "1.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.2"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "5.2"
},
{
"model": "total access 900/900e series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "sdx 810-rg",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "netvanta",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "60000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "6000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "5000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "4000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "3000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "10000"
},
{
"model": "aos r13.2.2",
"scope": null,
"trust": 0.3,
"vendor": "adtran",
"version": null
},
{
"model": "434rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "424rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "414rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "router manager",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "1.1.7-6941-2"
},
{
"model": "dsm",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "6.2.1-23824"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "BID",
"id": "101141"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-173"
},
{
"db": "NVD",
"id": "CVE-2017-11793"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11793"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hui Gao of Palo Alto Networks and Yixiang Zhu of National Engineering Lab for Mobile Internet System and Application Security, China",
"sources": [
{
"db": "BID",
"id": "101141"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-173"
}
],
"trust": 0.9
},
"cve": "CVE-2017-11793",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2017-11793",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11793",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11793",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-11793",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11793"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-173"
},
{
"db": "NVD",
"id": "CVE-2017-11793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in \"wpad\" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network \"wpad\" And \"isatap\" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In \"wpad\" And \"isatap\" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server \u003ca href=\"https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html\"target=\"blank\"\u003e Has been considered a problem \u003c/a\u003e But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker \"wpad\" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. Internet Explorer Contains a flaw in the memory of the script engine that could allow arbitrary code execution in the current user\u0027s context. The vendor Scripting Engine Memory Corruption Vulnerability \". This vulnerability CVE-2017-11792 , CVE-2017-11796 , CVE-2017-11798 , CVE-2017-11799 , CVE-2017-11800 , CVE-2017-11801 , CVE-2017-11802 , CVE-2017-11804 , CVE-2017-11805 , CVE-2017-11806 , CVE-2017-11807 , CVE-2017-11808 , CVE-2017-11809 , CVE-2017-11810 , CVE-2017-11811 , CVE-2017-11812 ,and CVE-2017-11821 Is a different vulnerability.An attacker could execute arbitrary code in the context of the current user. Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Failed attacks will cause denial of service conditions. \nInternet Explorer 9, 10 and 11 are vulnerable; other versions may also be affected. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11793"
},
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"db": "BID",
"id": "101141"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "VULMON",
"id": "CVE-2017-11793"
}
],
"trust": 3.69
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43368",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11793"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11793",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#598349",
"trust": 2.0
},
{
"db": "BID",
"id": "101141",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039532",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "43368",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "43367",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99302544",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009020",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-173",
"trust": 0.6
},
{
"db": "BID",
"id": "105298",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2017-11793",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11793"
},
{
"db": "BID",
"id": "101141"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-173"
},
{
"db": "NVD",
"id": "CVE-2017-11793"
}
]
},
"id": "VAR-201710-0425",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2022-05-06T12:59:16.840000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11793 | Scripting Engine Memory Corruption Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11793"
},
{
"title": "CVE-2017-11793 | Scripting Engine Memory Corruption Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-11793"
},
{
"title": "Microsoft Windows Internet Explorer scripting Repair measures for engine security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75358"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/10/10/october_2017_microsoft_windows_patch_tuesday/"
},
{
"title": "domato",
"trust": 0.1,
"url": "https://github.com/googleprojectzero/domato "
},
{
"title": "js-vuln-db",
"trust": 0.1,
"url": "https://github.com/tunz/js-vuln-db "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11793"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"db": "NVD",
"id": "CVE-2017-11793"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11793"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/101141"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/43368/"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039532"
},
{
"trust": 1.6,
"url": "https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/598349"
},
{
"trust": 1.1,
"url": "https://supportforums.adtran.com/docs/doc-9269"
},
{
"trust": 0.8,
"url": "https://www.exploit-db.com/exploits/43367/"
},
{
"trust": 0.8,
"url": "https://community.ubnt.com/t5/unifi-updates-blog/usg-firmware-v4-4-28-now-available/ba-p/2482349"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99302544/"
},
{
"trust": 0.8,
"url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-019.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11793"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171011-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170039.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11793"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/ie/"
},
{
"trust": 0.3,
"url": "https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 0.3,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_53"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55455"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11793"
},
{
"db": "BID",
"id": "101141"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-173"
},
{
"db": "NVD",
"id": "CVE-2017-11793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11793"
},
{
"db": "BID",
"id": "101141"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-173"
},
{
"db": "NVD",
"id": "CVE-2017-11793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2017-10-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-11793"
},
{
"date": "2017-10-10T00:00:00",
"db": "BID",
"id": "101141"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2018-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2017-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"date": "2017-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-173"
},
{
"date": "2017-10-13T13:29:00",
"db": "NVD",
"id": "CVE-2017-11793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-23T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2019-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2017-11793"
},
{
"date": "2017-10-10T00:00:00",
"db": "BID",
"id": "101141"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2018-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2017-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009020"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-173"
},
{
"date": "2019-05-10T20:10:00",
"db": "NVD",
"id": "CVE-2017-11793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "101141"
},
{
"db": "BID",
"id": "105298"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Automatic DNS registration and proxy autodiscovery allow spoofing of network services",
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-173"
}
],
"trust": 0.6
}
}
var-201805-0950
Vulnerability from variot
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. 6) - i386, x86_64
-
6.6) - noarch, x86_64
Bug Fix(es):
-
If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1538588)
-
The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554254)
-
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. (BZ#1549768)
-
6.4) - x86_64
-
(BZ#1554251)
-
Intel Architecture (processor architecture) is a CPU specification developed by Intel Corporation for its processor. There are security vulnerabilities in the operating systems of multiple vendors. Systems from the following vendors are affected: Apple; DragonFly BSD Project; FreeBSD Project; Linux Kernel; Microsoft; Red Hat; SUSE Linux; Ubuntu; Vmware; Xen. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2018:1318-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1318 Issue date: 2018-05-08 CVE Names: CVE-2017-16939 CVE-2018-1068 CVE-2018-1087 CVE-2018-1091 CVE-2018-8897 CVE-2018-1000199 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)
-
Kernel: error in exception handling leads to DoS (CVE-2018-8897)
-
Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)
-
kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)
-
kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)
-
kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3431641
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1517220 - CVE-2017-16939 Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation 1552048 - CVE-2018-1068 kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c 1558149 - CVE-2018-1091 kernel: guest kernel crash during core dump on POWER9 host 1566837 - CVE-2018-1087 Kernel: KVM: error in exception handling leads to wrong debug stack value 1567074 - CVE-2018-8897 Kernel: error in exception handling leads to DoS 1568477 - CVE-2018-1000199 kernel: ptrace() incorrect error handling leads to corruption and DoS
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-862.2.3.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm
x86_64: kernel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-headers-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm perf-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: kernel-3.10.0-862.2.3.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm
x86_64: kernel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-headers-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm perf-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: kernel-3.10.0-862.2.3.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm
ppc64: kernel-3.10.0-862.2.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.2.3.el7.ppc64.rpm kernel-debug-3.10.0-862.2.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.2.3.el7.ppc64.rpm kernel-devel-3.10.0-862.2.3.el7.ppc64.rpm kernel-headers-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.ppc64.rpm perf-3.10.0-862.2.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm python-perf-3.10.0-862.2.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm
ppc64le: kernel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.2.3.el7.ppc64le.rpm perf-3.10.0-862.2.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm
s390x: kernel-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.2.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.2.3.el7.s390x.rpm kernel-devel-3.10.0-862.2.3.el7.s390x.rpm kernel-headers-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.2.3.el7.s390x.rpm perf-3.10.0-862.2.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm python-perf-3.10.0-862.2.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm
x86_64: kernel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-headers-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm perf-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm
ppc64le: kernel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.2.3.el7.ppc64le.rpm perf-3.10.0-862.2.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm
s390x: kernel-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.2.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.2.3.el7.s390x.rpm kernel-devel-3.10.0-862.2.3.el7.s390x.rpm kernel-headers-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.2.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.2.3.el7.s390x.rpm perf-3.10.0-862.2.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm python-perf-3.10.0-862.2.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm
ppc64le: kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm
x86_64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
noarch: kernel-doc-3.10.0-862.2.3.el7.noarch.rpm
ppc64le: kernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: kernel-3.10.0-862.2.3.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm kernel-doc-3.10.0-862.2.3.el7.noarch.rpm
x86_64: kernel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-devel-3.10.0-862.2.3.el7.x86_64.rpm kernel-headers-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm perf-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: kernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-16939 https://access.redhat.com/security/cve/CVE-2018-1068 https://access.redhat.com/security/cve/CVE-2018-1087 https://access.redhat.com/security/cve/CVE-2018-1091 https://access.redhat.com/security/cve/CVE-2018-8897 https://access.redhat.com/security/cve/CVE-2018-1000199 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3431641
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFa8evCXlSAg2UNWIIRArfVAJkBoBiLSeqFIz+baibVTReRFZDjygCff6YB NvzATG53DXsBLux92Ow7M4o= =Sknh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
CVE-2018-10471
An error was discovered in the mitigations against Meltdown which
could result in denial of service.
CVE-2018-10472
Anthony Perard discovered that incorrect parsing of CDROM images
can result in information disclosure.
CVE-2018-10981
Jan Beulich discovered that malformed device models could result
in denial of service.
CVE-2018-10982
Roger Pau Monne discovered that incorrect handling of high precision
event timers could result in denial of service and potentially
privilege escalation. ==========================================================================
Ubuntu Security Notice USN-3641-2 May 08, 2018
linux, linux-lts-trusty vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for Ubuntu 12.04 ESM. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. A local attacker in a KVM virtual machine could use this to cause a denial of service (guest VM crash) or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. (CVE-2018-1087)
Andy Lutomirski discovered that the Linux kernel did not properly perform error handling on virtualized debug registers. (CVE-2018-1000199)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: linux-image-3.13.0-147-generic 3.13.0-147.196~precise1 linux-image-3.13.0-147-generic-lpae 3.13.0-147.196~precise1 linux-image-3.2.0-134-generic 3.2.0-134.180 linux-image-3.2.0-134-generic-pae 3.2.0-134.180 linux-image-3.2.0-134-highbank 3.2.0-134.180 linux-image-3.2.0-134-omap 3.2.0-134.180 linux-image-3.2.0-134-powerpc-smp 3.2.0-134.180 linux-image-3.2.0-134-powerpc64-smp 3.2.0-134.180 linux-image-3.2.0-134-virtual 3.2.0-134.180 linux-image-generic 3.2.0.134.149 linux-image-generic-lpae-lts-trusty 3.13.0.147.138 linux-image-generic-lts-trusty 3.13.0.147.138 linux-image-generic-pae 3.2.0.134.149 linux-image-highbank 3.2.0.134.149 linux-image-omap 3.2.0.134.149 linux-image-powerpc 3.2.0.134.149 linux-image-powerpc-smp 3.2.0.134.149 linux-image-powerpc64-smp 3.2.0.134.149
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-18:06.debugreg Security Advisory The FreeBSD Project
Topic: Mishandling of x86 debug exceptions
Category: core Module: kernel Announced: 2018-05-08 Credits: Nick Peterson, Everdox Tech LLC https://www.linkedin.com/in/everdox Andy Lutomirski Affects: All supported versions of FreeBSD. Corrected: 2018-05-08 17:03:33 UTC (stable/11, 11.2-PRERELEASE) 2018-05-08 17:12:10 UTC (releng/11.1, 11.1-RELEASE-p10) 2018-05-08 17:05:39 UTC (stable/10, 10.4-STABLE) 2018-05-08 17:12:10 UTC (releng/10.4, 10.4-RELEASE-p9) CVE Name: CVE-2018-8897
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background
On x86 architecture systems, the stack is represented by the combination of a stack segment and a stack pointer, which must remain in sync for proper operation. Instructions related to manipulating the stack segment have special handling to facilitate consistency with changes to the stack pointer.
II. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context.
III. Impact
An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or may panic the system.
IV. Workaround
No workaround is available.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, using either a binary or source code patch, and then reboot.
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
And reboot.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 11.1]
fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.11.1.patch
fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.11.1.patch.asc
gpg --verify debugreg.11.1.patch.asc
[FreeBSD 10.4]
fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.10.4.patch
fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.10.4.patch.asc
gpg --verify debugreg.10.4.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile and install your kernel as described in and reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/10/ r333370 releng/10.4/ r333371 stable/11/ r333369 releng/11.1/ r333371
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
CVE-2018-1087
Andy Lutomirski discovered that the KVM implementation did not
properly handle #DB exceptions while deferred by MOV SS/POP SS,
allowing an unprivileged KVM guest user to crash the guest or
potentially escalate their privileges.
For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1+deb8u1. This update includes various fixes for regressions from 3.16.56-1 as released in DSA-4187-1 (Cf.
For the stable distribution (stretch), these problems have been fixed in version 4.9.88-1+deb9u1. The fix for CVE-2018-1108 applied in DSA-4188-1 is temporarily reverted due to various regression, cf.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlryHFFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SMQA/9HoJDt2OdyqqtfNUuWfP3sgGV1QVjIJnF39unKRdIaGw9m0RHQUu1G3rC cgxcYcpQ0h10Yy5KVh4APqt55K7aVWVQT6xB0yx2VddMEwwl3rp2r/eL7EtoOkQT zZW5JponzlEAjC9uGk7CouA7z/qFtd5awufFhAjMF5eL4ZQ6pG8wWEbae6DbU9nz c7F+okC4hL6yPuWVEWzTRUFK1W0hs2N+VQgHV/afZaMAAooeZJDJeq1Hn/PVYvwJ IHSOs01+kn0OUFHkVRA7kVdFAYUJlfhsDcXd9nB/lkxhc/HNI1g/dK76mRxjsiMo pJlkPbEmZlOtmNG7vogxEp72ab24j2CITIHiID7ftZH5R/I2CSxp2dIzRVKdmP6P tsfh/KcpUMNwwiPiGed1DMCjtsHOodBOkLtVsoHHJVMZg2xqfCrlqNRUn9o+0DcR gO7HBsWG9K1qvSBWuRtQLT8QP00P3dSdhHmfWyfN8eJxTot+WJuMF/o+jbF6GGrZ lPmzWqg4oL7jvQO8nlEkatjIFejEg0jmt+rCXyEbK8Uc9xjJk35GKIZne5X09BFe 36zY7HbMlPvLP/VHSb6fcPBpQo/HuG0/htAB1HpWS1fPrth1J76g2EmwFSG5Lo51 IRxTXP4UZuOL1sJHQ80220tThKs2dk1Yy77dKk8qQiQ2nC2JgNs= =CskH -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0950",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "ubuntu",
"version": null
},
{
"model": "xenserver",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "7.4"
},
{
"model": "freebsd",
"scope": "gte",
"trust": 1.0,
"vendor": "freebsd",
"version": "11.0"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.1"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "6.0.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "7.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.4"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "6.5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 1.0,
"vendor": "xen",
"version": null
},
{
"model": "xenserver",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "5.2"
},
{
"model": "freebsd",
"scope": "lt",
"trust": 1.0,
"vendor": "freebsd",
"version": "11.1"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "7.1"
},
{
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "6.2.0"
},
{
"model": "enterprise virtualization manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": "7.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dragonfly bsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linux kernel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xen",
"version": null
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.31"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.62"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.8"
},
{
"model": "11.1-release-p9",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.28"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.7"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1"
},
{
"model": "10.4-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.7"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.1"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.38"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.5"
},
{
"model": "11.1-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.12"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.1"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.64"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.51"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.10"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "18030"
},
{
"model": "kernel 4.10-rc8",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "10.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.56"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.38"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.105"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.23"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.9"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.125"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.25"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.24"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.11"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "windows rt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.1"
},
{
"model": "windows server r2 for itanium-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.60"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.1"
},
{
"model": "11.1-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.3.0"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "11.2-prerelease",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.78"
},
{
"model": "10.4-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.24"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.65"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.1.47"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.44"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.2"
},
{
"model": "virtual dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.82"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "enterprise linux extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.1.1"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.2"
},
{
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.22"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.3.1"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.55"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.72"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.42"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13"
},
{
"model": "enterprise linux long life 5.9.server",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.0"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.91"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.27"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.63-2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.50"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.6"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.3.1"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.8"
},
{
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.36"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.1.15"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.0-28"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.13"
},
{
"model": "kernel 4.10-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.4"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "11.2"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.1"
},
{
"model": "10.4-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "linux esm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.26"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.11"
},
{
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.11"
},
{
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.4"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.3"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "10.4-release-p9",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.14"
},
{
"model": "kernel 4.12-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14"
},
{
"model": "mrg realtime for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "62"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.3"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.4"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.1.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.9"
},
{
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.68"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.23"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.7"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.63"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.74"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.14"
},
{
"model": "skynas",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.4.1"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.13.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.36"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.54"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.1"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.1"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.7"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.15.7"
},
{
"model": "macos security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2018"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "17090"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.81"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.6"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.8"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.30"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.57"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.29"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.53"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.16.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "11.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.16.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.1"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.71"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.4.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.52"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.10.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.12.4"
},
{
"model": "11.1-release-p10",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.11.1"
},
{
"model": "10.4-stable",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#631579"
},
{
"db": "BID",
"id": "104071"
},
{
"db": "NVD",
"id": "CVE-2018-8897"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "147550"
},
{
"db": "PACKETSTORM",
"id": "147535"
},
{
"db": "PACKETSTORM",
"id": "147543"
},
{
"db": "PACKETSTORM",
"id": "147545"
},
{
"db": "PACKETSTORM",
"id": "147541"
},
{
"db": "PACKETSTORM",
"id": "147534"
},
{
"db": "PACKETSTORM",
"id": "147537"
},
{
"db": "PACKETSTORM",
"id": "147546"
}
],
"trust": 0.8
},
"cve": "CVE-2018-8897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8897",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 5.3,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2018-8897",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-138929",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-8897",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8897",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-8897",
"trust": 0.8,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138929",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#631579"
},
{
"db": "VULHUB",
"id": "VHN-138929"
},
{
"db": "NVD",
"id": "CVE-2018-8897"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer\u0027s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL \u003c 3, the debug exception is delivered after the transfer to CPL \u003c 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. Microsoft Windows is prone to a local privilege-escalation vulnerability. \nAn attacker can exploit this issue to execute arbitrary code with elevated privileges. 6) - i386, x86_64\n\n3. 6.6) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* If an NFSv3 client mounted a subdirectory of an exported file system, a\ndirectory entry to the mount hosting the export was incorrectly held even\nafter clearing the cache. Consequently, attempts to unmount the\nsubdirectory with the umount command failed with the EBUSY error. With this\nupdate, the underlying source code has been fixed, and the unmount\noperation now succeeds as expected in the described situation. (BZ#1538588)\n\n* The kernel build requirements have been updated to the GNU Compiler\nCollection (GCC) compiler version that has the support for Retpolines. The\nRetpolines mechanism is a software construct that leverages specific\nknowledge of the underlying hardware to mitigate the branch target\ninjection, also known as Spectre variant 2 vulnerability described in\nCVE-2017-5715. (BZ#1554254)\n\n4. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n(BZ#1549768)\n\n4. 6.4) - x86_64\n\n3. (BZ#1554251)\n\n4. Intel Architecture (processor architecture) is a CPU specification developed by Intel Corporation for its processor. There are security vulnerabilities in the operating systems of multiple vendors. Systems from the following vendors are affected: Apple; DragonFly BSD Project; FreeBSD Project; Linux Kernel; Microsoft; Red Hat; SUSE Linux; Ubuntu; Vmware; Xen. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security, bug fix, and enhancement update\nAdvisory ID: RHSA-2018:1318-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:1318\nIssue date: 2018-05-08\nCVE Names: CVE-2017-16939 CVE-2018-1068 CVE-2018-1087 \n CVE-2018-1091 CVE-2018-8897 CVE-2018-1000199 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* Kernel: KVM: error in exception handling leads to wrong debug stack value\n(CVE-2018-1087)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* Kernel: ipsec: xfrm: use-after-free leading to potential privilege\nescalation (CVE-2017-16939)\n\n* kernel: Out-of-bounds write via userland offsets in ebt_entry struct in\nnetfilter/ebtables.c (CVE-2018-1068)\n\n* kernel: ptrace() incorrect error handling leads to corruption and DoS\n(CVE-2018-1000199)\n\n* kernel: guest kernel crash during core dump on POWER9 host\n(CVE-2018-1091)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and\nCVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski\nfor reporting CVE-2018-8897. \n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of these bug fixes in this advisory. See the bug\nfix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/articles/3431641\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1517220 - CVE-2017-16939 Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation\n1552048 - CVE-2018-1068 kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c\n1558149 - CVE-2018-1091 kernel: guest kernel crash during core dump on POWER9 host\n1566837 - CVE-2018-1087 Kernel: KVM: error in exception handling leads to wrong debug stack value\n1567074 - CVE-2018-8897 Kernel: error in exception handling leads to DoS\n1568477 - CVE-2018-1000199 kernel: ptrace() incorrect error handling leads to corruption and DoS\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkernel-3.10.0-862.2.3.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm\nkernel-doc-3.10.0-862.2.3.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-devel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-headers-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm\nperf-3.10.0-862.2.3.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkernel-3.10.0-862.2.3.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm\nkernel-doc-3.10.0-862.2.3.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-devel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-headers-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm\nperf-3.10.0-862.2.3.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkernel-3.10.0-862.2.3.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm\nkernel-doc-3.10.0-862.2.3.el7.noarch.rpm\n\nppc64:\nkernel-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-debug-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-devel-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-headers-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-tools-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-862.2.3.el7.ppc64.rpm\nperf-3.10.0-862.2.3.el7.ppc64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\npython-perf-3.10.0-862.2.3.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\n\nppc64le:\nkernel-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debug-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-devel-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-headers-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-862.2.3.el7.ppc64le.rpm\nperf-3.10.0-862.2.3.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\npython-perf-3.10.0-862.2.3.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\n\ns390x:\nkernel-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debug-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debug-devel-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-862.2.3.el7.s390x.rpm\nkernel-devel-3.10.0-862.2.3.el7.s390x.rpm\nkernel-headers-3.10.0-862.2.3.el7.s390x.rpm\nkernel-kdump-3.10.0-862.2.3.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-862.2.3.el7.s390x.rpm\nperf-3.10.0-862.2.3.el7.s390x.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\npython-perf-3.10.0-862.2.3.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\n\nx86_64:\nkernel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-devel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-headers-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm\nperf-3.10.0-862.2.3.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm\nkernel-doc-3.10.0-862.2.3.el7.noarch.rpm\n\nppc64le:\nkernel-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debug-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-devel-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-headers-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-862.2.3.el7.ppc64le.rpm\nperf-3.10.0-862.2.3.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\npython-perf-3.10.0-862.2.3.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\n\ns390x:\nkernel-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debug-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debug-devel-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-862.2.3.el7.s390x.rpm\nkernel-devel-3.10.0-862.2.3.el7.s390x.rpm\nkernel-headers-3.10.0-862.2.3.el7.s390x.rpm\nkernel-kdump-3.10.0-862.2.3.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-862.2.3.el7.s390x.rpm\nperf-3.10.0-862.2.3.el7.s390x.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\npython-perf-3.10.0-862.2.3.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-862.2.3.el7.ppc64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.ppc64.rpm\n\nppc64le:\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-862.2.3.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\nnoarch:\nkernel-doc-3.10.0-862.2.3.el7.noarch.rpm\n\nppc64le:\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-862.2.3.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkernel-3.10.0-862.2.3.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.2.3.el7.noarch.rpm\nkernel-doc-3.10.0-862.2.3.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-devel-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-headers-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.2.3.el7.x86_64.rpm\nperf-3.10.0-862.2.3.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.2.3.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.2.3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-16939\nhttps://access.redhat.com/security/cve/CVE-2018-1068\nhttps://access.redhat.com/security/cve/CVE-2018-1087\nhttps://access.redhat.com/security/cve/CVE-2018-1091\nhttps://access.redhat.com/security/cve/CVE-2018-8897\nhttps://access.redhat.com/security/cve/CVE-2018-1000199\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/3431641\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFa8evCXlSAg2UNWIIRArfVAJkBoBiLSeqFIz+baibVTReRFZDjygCff6YB\nNvzATG53DXsBLux92Ow7M4o=\n=Sknh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nCVE-2018-10471\n\n An error was discovered in the mitigations against Meltdown which\n could result in denial of service. \n\nCVE-2018-10472\n\n Anthony Perard discovered that incorrect parsing of CDROM images\n can result in information disclosure. \n\nCVE-2018-10981\n\n Jan Beulich discovered that malformed device models could result\n in denial of service. \n\nCVE-2018-10982\n\n Roger Pau Monne discovered that incorrect handling of high precision\n event timers could result in denial of service and potentially\n privilege escalation. ==========================================================================\nUbuntu Security Notice USN-3641-2\nMay 08, 2018\n\nlinux, linux-lts-trusty vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. This update provides the\ncorresponding updates for Ubuntu 12.04 ESM. A local attacker\ncould use this to cause a denial of service (system crash). This issue only\naffected the amd64 architecture. A local attacker in a KVM virtual machine could use this to\ncause a denial of service (guest VM crash) or possibly escalate privileges\ninside of the virtual machine. This issue only affected the i386 and amd64\narchitectures. (CVE-2018-1087)\n\nAndy Lutomirski discovered that the Linux kernel did not properly perform\nerror handling on virtualized debug registers. (CVE-2018-1000199)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n linux-image-3.13.0-147-generic 3.13.0-147.196~precise1\n linux-image-3.13.0-147-generic-lpae 3.13.0-147.196~precise1\n linux-image-3.2.0-134-generic 3.2.0-134.180\n linux-image-3.2.0-134-generic-pae 3.2.0-134.180\n linux-image-3.2.0-134-highbank 3.2.0-134.180\n linux-image-3.2.0-134-omap 3.2.0-134.180\n linux-image-3.2.0-134-powerpc-smp 3.2.0-134.180\n linux-image-3.2.0-134-powerpc64-smp 3.2.0-134.180\n linux-image-3.2.0-134-virtual 3.2.0-134.180\n linux-image-generic 3.2.0.134.149\n linux-image-generic-lpae-lts-trusty 3.13.0.147.138\n linux-image-generic-lts-trusty 3.13.0.147.138\n linux-image-generic-pae 3.2.0.134.149\n linux-image-highbank 3.2.0.134.149\n linux-image-omap 3.2.0.134.149\n linux-image-powerpc 3.2.0.134.149\n linux-image-powerpc-smp 3.2.0.134.149\n linux-image-powerpc64-smp 3.2.0.134.149\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-18:06.debugreg Security Advisory\n The FreeBSD Project\n\nTopic: Mishandling of x86 debug exceptions\n\nCategory: core\nModule: kernel\nAnnounced: 2018-05-08\nCredits: Nick Peterson, Everdox Tech LLC\n https://www.linkedin.com/in/everdox\n Andy Lutomirski\nAffects: All supported versions of FreeBSD. \nCorrected: 2018-05-08 17:03:33 UTC (stable/11, 11.2-PRERELEASE)\n 2018-05-08 17:12:10 UTC (releng/11.1, 11.1-RELEASE-p10)\n 2018-05-08 17:05:39 UTC (stable/10, 10.4-STABLE)\n 2018-05-08 17:12:10 UTC (releng/10.4, 10.4-RELEASE-p9)\nCVE Name: CVE-2018-8897\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. Background\n\nOn x86 architecture systems, the stack is represented by the combination of\na stack segment and a stack pointer, which must remain in sync for proper\noperation. Instructions related to manipulating the stack segment have\nspecial handling to facilitate consistency with changes to the stack pointer. \n\nII. If that instruction is\na system call or similar instruction that transfers control to the operating\nsystem, the debug exception will be handled in the kernel context instead of\nthe user context. \n\nIII. Impact\n\nAn authenticated local attacker may be able to read sensitive data in kernel\nmemory, control low-level operating system functions, or may panic the\nsystem. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nUpgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date,\nusing either a binary or source code patch, and then reboot. \n\n1) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nAnd reboot. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 11.1]\n# fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.11.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.11.1.patch.asc\n# gpg --verify debugreg.11.1.patch.asc\n\n[FreeBSD 10.4]\n# fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.10.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-18:06/debugreg.10.4.patch.asc\n# gpg --verify debugreg.10.4.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile and install your kernel as described in\n\u003cURL:https://www.FreeBSD.org/handbook/kernelconfig.html\u003e and reboot the\nsystem. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/10/ r333370\nreleng/10.4/ r333371\nstable/11/ r333369\nreleng/11.1/ r333371\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nCVE-2018-1087\n\n Andy Lutomirski discovered that the KVM implementation did not\n properly handle #DB exceptions while deferred by MOV SS/POP SS,\n allowing an unprivileged KVM guest user to crash the guest or\n potentially escalate their privileges. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1+deb8u1. This update includes various fixes for\nregressions from 3.16.56-1 as released in DSA-4187-1 (Cf. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.88-1+deb9u1. The fix for CVE-2018-1108 applied in DSA-4188-1\nis temporarily reverted due to various regression, cf. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlryHFFfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SMQA/9HoJDt2OdyqqtfNUuWfP3sgGV1QVjIJnF39unKRdIaGw9m0RHQUu1G3rC\ncgxcYcpQ0h10Yy5KVh4APqt55K7aVWVQT6xB0yx2VddMEwwl3rp2r/eL7EtoOkQT\nzZW5JponzlEAjC9uGk7CouA7z/qFtd5awufFhAjMF5eL4ZQ6pG8wWEbae6DbU9nz\nc7F+okC4hL6yPuWVEWzTRUFK1W0hs2N+VQgHV/afZaMAAooeZJDJeq1Hn/PVYvwJ\nIHSOs01+kn0OUFHkVRA7kVdFAYUJlfhsDcXd9nB/lkxhc/HNI1g/dK76mRxjsiMo\npJlkPbEmZlOtmNG7vogxEp72ab24j2CITIHiID7ftZH5R/I2CSxp2dIzRVKdmP6P\ntsfh/KcpUMNwwiPiGed1DMCjtsHOodBOkLtVsoHHJVMZg2xqfCrlqNRUn9o+0DcR\ngO7HBsWG9K1qvSBWuRtQLT8QP00P3dSdhHmfWyfN8eJxTot+WJuMF/o+jbF6GGrZ\nlPmzWqg4oL7jvQO8nlEkatjIFejEg0jmt+rCXyEbK8Uc9xjJk35GKIZne5X09BFe\n36zY7HbMlPvLP/VHSb6fcPBpQo/HuG0/htAB1HpWS1fPrth1J76g2EmwFSG5Lo51\nIRxTXP4UZuOL1sJHQ80220tThKs2dk1Yy77dKk8qQiQ2nC2JgNs=\n=CskH\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8897"
},
{
"db": "CERT/CC",
"id": "VU#631579"
},
{
"db": "BID",
"id": "104071"
},
{
"db": "PACKETSTORM",
"id": "147550"
},
{
"db": "PACKETSTORM",
"id": "147535"
},
{
"db": "PACKETSTORM",
"id": "147543"
},
{
"db": "PACKETSTORM",
"id": "147545"
},
{
"db": "PACKETSTORM",
"id": "147541"
},
{
"db": "VULHUB",
"id": "VHN-138929"
},
{
"db": "PACKETSTORM",
"id": "147534"
},
{
"db": "PACKETSTORM",
"id": "147651"
},
{
"db": "PACKETSTORM",
"id": "147549"
},
{
"db": "PACKETSTORM",
"id": "147537"
},
{
"db": "PACKETSTORM",
"id": "147536"
},
{
"db": "PACKETSTORM",
"id": "147546"
},
{
"db": "PACKETSTORM",
"id": "147551"
},
{
"db": "PACKETSTORM",
"id": "147547"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/631579",
"trust": 0.8,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-138929",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#631579"
},
{
"db": "VULHUB",
"id": "VHN-138929"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8897",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#631579",
"trust": 2.2
},
{
"db": "BID",
"id": "104071",
"trust": 1.4
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2018/05/08/4",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2018/05/08/1",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040849",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040882",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040744",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040866",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040861",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "44697",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "45024",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "147541",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147543",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147550",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147536",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147542",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147539",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147548",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-138929",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147535",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147545",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147547",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147534",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147651",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147537",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147546",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147551",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#631579"
},
{
"db": "VULHUB",
"id": "VHN-138929"
},
{
"db": "BID",
"id": "104071"
},
{
"db": "PACKETSTORM",
"id": "147550"
},
{
"db": "PACKETSTORM",
"id": "147535"
},
{
"db": "PACKETSTORM",
"id": "147543"
},
{
"db": "PACKETSTORM",
"id": "147545"
},
{
"db": "PACKETSTORM",
"id": "147541"
},
{
"db": "PACKETSTORM",
"id": "147547"
},
{
"db": "PACKETSTORM",
"id": "147534"
},
{
"db": "PACKETSTORM",
"id": "147651"
},
{
"db": "PACKETSTORM",
"id": "147549"
},
{
"db": "PACKETSTORM",
"id": "147537"
},
{
"db": "PACKETSTORM",
"id": "147536"
},
{
"db": "PACKETSTORM",
"id": "147546"
},
{
"db": "PACKETSTORM",
"id": "147551"
},
{
"db": "NVD",
"id": "CVE-2018-8897"
}
]
},
"id": "VAR-201805-0950",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138929"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:15:49.132000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138929"
},
{
"db": "NVD",
"id": "CVE-2018-8897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8897"
},
{
"trust": 1.9,
"url": "https://xenbits.xen.org/xsa/advisory-260.html"
},
{
"trust": 1.5,
"url": "https://access.redhat.com/security/vulnerabilities/pop_ss"
},
{
"trust": 1.4,
"url": "https://www.kb.cert.org/vuls/id/631579"
},
{
"trust": 1.4,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074"
},
{
"trust": 1.4,
"url": "https://www.freebsd.org/security/advisories/freebsd-sa-18:06.debugreg.asc"
},
{
"trust": 1.4,
"url": "https://usn.ubuntu.com/3641-1/"
},
{
"trust": 1.4,
"url": "https://usn.ubuntu.com/3641-2/"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8897"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1318"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1319"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1345"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1349"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1351"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1353"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1354"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:1355"
},
{
"trust": 1.1,
"url": "https://kb.vmware.com/s/article/54988"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/104071"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en"
},
{
"trust": 1.1,
"url": "https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20180927-0002/"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx234679"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_18_21"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4196"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4201"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/44697/"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/45024/"
},
{
"trust": 1.1,
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"trust": 1.1,
"url": "http://openwall.com/lists/oss-security/2018/05/08/1"
},
{
"trust": 1.1,
"url": "http://openwall.com/lists/oss-security/2018/05/08/4"
},
{
"trust": 1.1,
"url": "https://github.com/can1357/cve-2018-8897/"
},
{
"trust": 1.1,
"url": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"trust": 1.1,
"url": "https://patchwork.kernel.org/patch/10386677/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht208742"
},
{
"trust": 1.1,
"url": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1346"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1347"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1348"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1350"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1352"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:1524"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040744"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040849"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040861"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040866"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040882"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8897"
},
{
"trust": 1.0,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=333368"
},
{
"trust": 0.8,
"url": "https://everdox.net/popss.pdf"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/703.html"
},
{
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208742"
},
{
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk126534"
},
{
"trust": 0.8,
"url": "https://security.freebsd.org/advisories/freebsd-sa-18:06.debugreg.asc"
},
{
"trust": 0.8,
"url": "https://usn.ubuntu.com/3641-1/https://usn.ubuntu.com/3641-2/"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1087"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000199"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-1000199"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht208742"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2018/may/msg00001.html"
},
{
"trust": 0.3,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_21"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-1087"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5754"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-16939"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/usn/usn-3641-1"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026amp;revision=333368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-8824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3431591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18017"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-13166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-1000410"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000410"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1089.97"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-euclid/4.4.0-9027.29"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/3.13.0-147.196"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1015.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.13.0-1016.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-124.148"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1019.20"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1019.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.13.0-41.46"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1026.29"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1057.66"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-41.46~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1092.97"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1023.28"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-124.148~14.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1091"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1091"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3431641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10471"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/xen"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10981"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3641-2"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8897\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-18:06/debugreg.10.4.patch"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-18:06/debugreg.11.1.patch"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/kernelconfig.html\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-18:06/debugreg.11.1.patch.asc"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-18:06.debugreg.asc\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-18:06/debugreg.10.4.patch.asc"
},
{
"trust": 0.1,
"url": "https://www.linkedin.com/in/everdox"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/linux"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#631579"
},
{
"db": "VULHUB",
"id": "VHN-138929"
},
{
"db": "BID",
"id": "104071"
},
{
"db": "PACKETSTORM",
"id": "147550"
},
{
"db": "PACKETSTORM",
"id": "147535"
},
{
"db": "PACKETSTORM",
"id": "147543"
},
{
"db": "PACKETSTORM",
"id": "147545"
},
{
"db": "PACKETSTORM",
"id": "147541"
},
{
"db": "PACKETSTORM",
"id": "147547"
},
{
"db": "PACKETSTORM",
"id": "147534"
},
{
"db": "PACKETSTORM",
"id": "147651"
},
{
"db": "PACKETSTORM",
"id": "147549"
},
{
"db": "PACKETSTORM",
"id": "147537"
},
{
"db": "PACKETSTORM",
"id": "147536"
},
{
"db": "PACKETSTORM",
"id": "147546"
},
{
"db": "PACKETSTORM",
"id": "147551"
},
{
"db": "NVD",
"id": "CVE-2018-8897"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#631579"
},
{
"db": "VULHUB",
"id": "VHN-138929"
},
{
"db": "BID",
"id": "104071"
},
{
"db": "PACKETSTORM",
"id": "147550"
},
{
"db": "PACKETSTORM",
"id": "147535"
},
{
"db": "PACKETSTORM",
"id": "147543"
},
{
"db": "PACKETSTORM",
"id": "147545"
},
{
"db": "PACKETSTORM",
"id": "147541"
},
{
"db": "PACKETSTORM",
"id": "147547"
},
{
"db": "PACKETSTORM",
"id": "147534"
},
{
"db": "PACKETSTORM",
"id": "147651"
},
{
"db": "PACKETSTORM",
"id": "147549"
},
{
"db": "PACKETSTORM",
"id": "147537"
},
{
"db": "PACKETSTORM",
"id": "147536"
},
{
"db": "PACKETSTORM",
"id": "147546"
},
{
"db": "PACKETSTORM",
"id": "147551"
},
{
"db": "NVD",
"id": "CVE-2018-8897"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-08T00:00:00",
"db": "CERT/CC",
"id": "VU#631579"
},
{
"date": "2018-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-138929"
},
{
"date": "2018-05-08T00:00:00",
"db": "BID",
"id": "104071"
},
{
"date": "2018-05-08T23:57:37",
"db": "PACKETSTORM",
"id": "147550"
},
{
"date": "2018-05-08T20:33:37",
"db": "PACKETSTORM",
"id": "147535"
},
{
"date": "2018-05-08T23:54:17",
"db": "PACKETSTORM",
"id": "147543"
},
{
"date": "2018-05-08T23:55:04",
"db": "PACKETSTORM",
"id": "147545"
},
{
"date": "2018-05-08T23:53:34",
"db": "PACKETSTORM",
"id": "147541"
},
{
"date": "2018-05-08T23:56:14",
"db": "PACKETSTORM",
"id": "147547"
},
{
"date": "2018-05-08T20:33:22",
"db": "PACKETSTORM",
"id": "147534"
},
{
"date": "2018-05-16T07:54:27",
"db": "PACKETSTORM",
"id": "147651"
},
{
"date": "2018-05-08T23:56:57",
"db": "PACKETSTORM",
"id": "147549"
},
{
"date": "2018-05-08T20:35:01",
"db": "PACKETSTORM",
"id": "147537"
},
{
"date": "2018-05-08T20:33:55",
"db": "PACKETSTORM",
"id": "147536"
},
{
"date": "2018-05-08T23:55:56",
"db": "PACKETSTORM",
"id": "147546"
},
{
"date": "2018-05-09T17:44:05",
"db": "PACKETSTORM",
"id": "147551"
},
{
"date": "2018-05-08T18:29:00.547000",
"db": "NVD",
"id": "CVE-2018-8897"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#631579"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138929"
},
{
"date": "2018-05-17T06:00:00",
"db": "BID",
"id": "104071"
},
{
"date": "2024-11-21T04:14:33.140000",
"db": "NVD",
"id": "CVE-2018-8897"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "104071"
},
{
"db": "PACKETSTORM",
"id": "147547"
},
{
"db": "PACKETSTORM",
"id": "147549"
},
{
"db": "PACKETSTORM",
"id": "147536"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hardware debug exception documentation may result in unexpected behavior",
"sources": [
{
"db": "CERT/CC",
"id": "VU#631579"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "104071"
}
],
"trust": 0.3
}
}
var-201808-0958
Vulnerability from variot
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Multiple Intel Processors are prone to a multiple information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. Intel Core i3 processor, etc. are all CPU (central processing unit) products of Intel Corporation of the United States. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. 7) - noarch, x86_64
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. (BZ#1594915)
Bug Fix(es):
-
Due to a bug in a CPU's speculative execution engine, the CPU could previously leak data from other processes on the system, including passwords, encryption keys, or other sensitive information. With this update, the kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Expoline for IBM z Systems. As a result, data leak no longer occurs under the described circumstances. (BZ#1577761)
-
6) - i386, x86_64
Bug Fix(es):
-
The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819)
-
========================================================================= Ubuntu Security Notice USN-3741-2 August 14, 2018
linux-lts-xenial, linux-aws vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646)
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. A remote attacker could use this to cause a denial of service. (CVE-2018-5390)
Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-4.4.0-1027-aws 4.4.0-1027.30 linux-image-4.4.0-133-generic 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-generic-lpae 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-lowlatency 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-powerpc-e500mc 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-powerpc-smp 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-powerpc64-emb 4.4.0-133.159~14.04.1 linux-image-4.4.0-133-powerpc64-smp 4.4.0-133.159~14.04.1 linux-image-aws 4.4.0.1027.27 linux-image-generic-lpae-lts-xenial 4.4.0.133.113 linux-image-generic-lts-xenial 4.4.0.133.113 linux-image-lowlatency-lts-xenial 4.4.0.133.113 linux-image-powerpc-e500mc-lts-xenial 4.4.0.133.113 linux-image-powerpc-smp-lts-xenial 4.4.0.133.113 linux-image-powerpc64-emb-lts-xenial 4.4.0.133.113 linux-image-powerpc64-smp-lts-xenial 4.4.0.133.113
Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2384-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2384 Issue date: 2018-08-14 CVE Names: CVE-2017-13215 CVE-2018-3620 CVE-2018-3646 CVE-2018-3693 CVE-2018-5390 CVE-2018-7566 CVE-2018-10675 ==================================================================== 1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)
-
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693)
-
A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)
-
kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215)
-
kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)
-
kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3527791
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1535173 - CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-862.11.6.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm
x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: kernel-3.10.0-862.11.6.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm
x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: kernel-3.10.0-862.11.6.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm
ppc64: kernel-3.10.0-862.11.6.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64.rpm perf-3.10.0-862.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm python-perf-3.10.0-862.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm
ppc64le: kernel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm perf-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm
s390x: kernel-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm kernel-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-headers-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm perf-3.10.0-862.11.6.el7.s390x.rpm perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm python-perf-3.10.0-862.11.6.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm
x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm
ppc64le: kernel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm perf-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm
s390x: kernel-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm kernel-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-headers-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm perf-3.10.0-862.11.6.el7.s390x.rpm perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm python-perf-3.10.0-862.11.6.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm
ppc64le: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm
x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
noarch: kernel-doc-3.10.0-862.11.6.el7.noarch.rpm
ppc64le: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: kernel-3.10.0-862.11.6.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm
x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-13215 https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/cve/CVE-2018-3693 https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/cve/CVE-2018-7566 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF https://access.redhat.com/articles/3527791
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW3MjONzjgjWX9erEAQioYA/9Ge//K50oCrGaDEMuI2PHYLcztiZt9meh C578LP6sC/HT17VAbV8C+Tvy9QBCU80t4mGU4GOPu8Q5HzZQv45n0NtdRTGCC+yb A1bFcf0vhXIALNsuDEZN9g5SwUBapxkRoh43R+E7ITCQWp0XIPaSjYgGNqpTTuD/ lxRCzc10HhxW+pUY+ERFcK6c0poc14FtSqM3GqZe10FhkykdIlmngFjkthjzefXO dUkYDy53G+iAdTrVFI03h3Wt+UBMmNwKtu8ydqtAxZ0zDZIP5ijASOtM4mlf77ec VsNn7OWythkpTcpa+Sh5+dk6DK+lU2vziVsEocYNpzB+T/aHC9n/+I8ibfp3B4DC k4lYqZJQDFR2jVABjkOVS9dWFlOYKFmU2JBwsqdRvt3rgVFXEH3n5OQydHGFskmP NFwDbRAFlwo3zjd9KuiQzdFTOensc35+eSHykY8nxY2hGMH5gGccShFL4C7N2mtx s8JnzA/Zj00VHMg8qIHGfQ7RSd/xyEJ5vn87WZcTshTNli6x1/0VnzpTKG85Ga+K S2EJDXFP9LqCT98TL1RDJmCTtfDjU3I/gbgu5xFaofQZfV48qAUomUQ2E+MhQAOX eBr/OvlfFP8HEwVEJBDtXKxxs1LgmjTSqOtfP8AvS5zI9/Y6o56i0d7Ng1CcaGKP lZgWJhC3Yik=i4St -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These CVEs are security vulnerabilities caused by flaws in the design of speculative execution hardware in the computer's CPU.
Details on the vulnerability and our response can be found here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
Due to the high complexity of the fixes and the need for a corresponding CPU microcode update for a complete fix, we are unable to livepatch these CVEs. Please plan to reboot into an updated kernel as soon as possible.
References: CVE-2018-3620, and CVE-2018-3646
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201810-06
https://security.gentoo.org/
Severity: Normal Title: Xen: Multiple vulnerabilities Date: October 30, 2018 Bugs: #643350, #655188, #655544, #659442 ID: 201810-06
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition.
Background
Xen is a bare-metal hypervisor.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2 2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Xen users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"
All Xen tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2"
References
[ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715 [ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753 [ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754 [ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471 [ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472 [ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981 [ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982 [ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891 [ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892 [ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893 [ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468 [ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469 [ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470 [ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620 [ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646 [ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244 [ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540 [ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541 [ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201810-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0958",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "930"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6400"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "720qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2655le"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3470"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y31"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "550"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6585r"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8550u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4150t"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y10c"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4150"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "740qm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4350t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "920xm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3340m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3630qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4720hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4000m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2405s"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8100"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2435m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3380m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4360"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5350u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2410m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6400t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3317u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700ec"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4160t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3339y"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "460m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2620m"
},
{
"model": "core m3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y32"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "950"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2960xm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "840qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8700k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2400s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4500u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4160"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4400e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5750hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570r"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8350u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2760qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "650"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6685r"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "520um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570k"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4130"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "970"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5550u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3225"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6260u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2310"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "875k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "680"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5350h"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3840qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4308u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2920xm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2340ue"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3240"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4712mq"
},
{
"model": "core m3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y30"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3230m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2720qm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4130t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5775c"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3227u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "760"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5700eq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4460"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "*"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5675c"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4702mq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5557u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5157u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3517u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2629m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2380p"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5257u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700mq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4005u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "560um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "640lm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600t"
},
{
"model": "core m5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y57"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "820qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2600k"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2675qm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2310m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5300u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8350k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3220"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3475s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4460t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4340te"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4310u"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y10"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4460s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2860qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2637m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3120m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5200u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "580m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4260u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "560"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5675r"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3612qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4750hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4785t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3610qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2600s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4722hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5500u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8650u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2120"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4600m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2375m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4340m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2540m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5600u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "430um"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4590s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3720qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2820qm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2310e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3210"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770te"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3217u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820eq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "670"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "960"
},
{
"model": "core m7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y75"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2102"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4170t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6440eq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3610me"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3610qe"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2700k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2330e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "470um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "640m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2649m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2600"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "330um"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3550"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4370t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6402p"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "610e"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4950hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "540um"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2300"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "530"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "520m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660lm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "860"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4402e"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "870"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2390t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2617m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2515e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "560m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3667u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4600u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2467m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5775r"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2557m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570te"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620le"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4440s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4578u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4800mq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "350m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4030u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4300m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4430"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "540"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4350"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "870s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2550k"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3689y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5700hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4910mq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820hk"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4440"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6287u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4100u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3350p"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4202y"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3437u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100h"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4300y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700eq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7500u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4100m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8250u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2320"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6157u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4100e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4370"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4550u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3520m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7660u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4410e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "750"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "980x"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670qm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4340"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y51"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "640um"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4250u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "370m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "540m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4360t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770r"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2430m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2357m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3550s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "940"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3330"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6006u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4158u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3217ue"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3360m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4112e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2348m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4012y"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y70"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4771"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "520e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2120t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3229y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4702ec"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5650u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "980"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620ue"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "480m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620lm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2100"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "430m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3330s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4278u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3130m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6200u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "380m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4510u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2640m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3340"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200m"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y71"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2125"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2370m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3427u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5575r"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3250t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4558u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4710mq"
},
{
"model": "core m3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y30"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2630qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3517ue"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4422e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3320m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3245"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2510e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2312m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4310m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3632qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4710hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200y"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5015u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6267u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3687u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4300u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3635qm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6167u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330te"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "860s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7567u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4765t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3240t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3340s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "965"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3450"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3115c"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5287u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "940xm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100te"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660ue"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "975"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2635qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2450m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670r"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3615qm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3470s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4712hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4760hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "655k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200h"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "990x"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2450p"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4102e"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8700"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8600k"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3615qe"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4960hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4810mq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7600u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3450s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8400"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5950hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4030y"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210h"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4360u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6442eq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3210m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3439y"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2365m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5850eq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6098p"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3120me"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7560u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3110m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4288u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "750s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3612qe"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3540m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y75"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4900mq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2537m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6102e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3250"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3555le"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4350u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5020u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4590"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3220t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "661"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2677m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4302y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4258u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3337u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2100t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4010y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2657m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2330m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5010u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5250u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4010u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2377m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4590t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2115c"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3470t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2710qe"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2400"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "880"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "920"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4170"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3820qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2520m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4120u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2350m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4220y"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500te"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2367m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3740qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6350hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4430s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4980hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6320"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5005u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4402ec"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "680um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2715qe"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4020y"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2130"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "450m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4702hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5850hq"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y10a"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "330e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2610ue"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "390m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2328m"
},
{
"model": "core m5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y54"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "380um"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2105"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4025u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6360u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7920hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "330m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6440hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3537u"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "2.0"
},
{
"model": "proliant dl560 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "5.2"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.7"
},
{
"model": "proliant ml350e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant m710p server cartridge",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl170h g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl260a gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant ml330 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "x990"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "cloudline cl5800 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v40"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "18030"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.6"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1.6"
},
{
"model": "proliant ml150 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.5"
},
{
"model": "proliant xl170r gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant sl160z g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl560 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.5"
},
{
"model": "proliant xl190r gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.3"
},
{
"model": "proliant xl750f gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.4"
},
{
"model": "sgi uv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "20000"
},
{
"model": "xeon processor scalable family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "cloudline cl2100 g3 807s 12g 8sff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor d-2100",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant dl180 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v20"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.0"
},
{
"model": "virtualization host",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "proliant sl170z g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant m710 server cartridge",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl370 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "proliant dl180 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.2.2"
},
{
"model": "proliant dl360p gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant ml310e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "v20"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.3"
},
{
"model": "proliant bl280c g6 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.3"
},
{
"model": "proliant ml370 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.3.1"
},
{
"model": "proliant bl460c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0.6"
},
{
"model": "proliant bl460c g6 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant thin micro tm200 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl620c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl4100 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.1"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.5"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "proliant ml350 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.6"
},
{
"model": "proliant dl120 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.5.3"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.2.3"
},
{
"model": "skynas",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "proliant dl160 gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "core x-series processor family for intel platforms",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "x2990"
},
{
"model": "proliant xl250a gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.0"
},
{
"model": "enterprise linux for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "647"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1.4"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "17090"
},
{
"model": "c880 m5 server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.0"
},
{
"model": "proliant ws460c gen9 workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0.5"
},
{
"model": "proliant dl120 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl2100 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl685c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.0"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7."
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.0.4"
},
{
"model": "2nd generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.1"
},
{
"model": "enterprise linux for real time",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "cloudline cl5200 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "56000"
},
{
"model": "proliant ml110 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "proliant bl490c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "fusion pro",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1.1"
},
{
"model": "proliant dl385 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "36000"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.0"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.11"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "55000"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v40"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.3.2"
},
{
"model": "fusion pro",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1.2"
},
{
"model": "synergy gen9 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4800"
},
{
"model": "proliant dl580 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.5"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.1"
},
{
"model": "synergy gen9 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6200"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1"
},
{
"model": "synergy gen10 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4800"
},
{
"model": "proliant dl160 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl3100 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant ml150 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "5th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "c880 m4 server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "apollo gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "42000"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.2"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.3"
},
{
"model": "proliant dl580 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "7th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "3rd generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.0.3"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.2"
},
{
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "cloudline cl2200 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.3.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.8"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2016"
},
{
"model": "sgi uv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3000"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.5"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "integrity superdome with bl920s gen9 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.7"
},
{
"model": "cloudline cl2100 g3 806r 8sff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.6"
},
{
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3.0"
},
{
"model": "operating system",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "proliant dl980 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "proliant sl210t gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "sgi uv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10000"
},
{
"model": "cloudline cl2100 g3 407s 12g 4lff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.0.2"
},
{
"model": "core i3 processor",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "6th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.5"
},
{
"model": "superdome flex server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "virtual machine manager",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v40"
},
{
"model": "proliant ml110 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.2"
},
{
"model": "proliant dl580 gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.1"
},
{
"model": "proliant ml30 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux for ibm system z",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "integrity mc990 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x0"
},
{
"model": "proliant ml110 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.10"
},
{
"model": "proliant bl490c g6 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl360 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant m710x server cartridge",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "virtualization els",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "proliant ml350 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl320 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "integrity superdome with bl920s gen8 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x0"
},
{
"model": "fusion pro",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.0"
},
{
"model": "proliant xl270d gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl660c gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "8th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant xl190r gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl450 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.5"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.1.4"
},
{
"model": "proliant bl680c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.6.1"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "4th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant dl180 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl450 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "proliant sl160s g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl170e g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl460c gen8 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "proliant dl380 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "system management mode",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.1"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "75000"
},
{
"model": "xenserver ltsr cu1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.1"
},
{
"model": "cloudline cl5200 g3 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4.1"
},
{
"model": "proliant dl360 g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "rhev hypervisor for rhel-6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "proliant dl360 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.5"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.3.1"
},
{
"model": "proliant dl360 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v50"
},
{
"model": "virtualization els",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6"
},
{
"model": "proliant sl2x170z g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "management agent for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "70"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "proliant dl360e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "core i7 processor",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3.1"
},
{
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.0"
},
{
"model": "proliant bl2x220c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.4"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.4.1"
},
{
"model": "synergy gen9 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6600"
},
{
"model": "cloudline cl2200 g3 1211r lff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "120"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.9"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.2"
},
{
"model": "proliant ml350p gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "synergy gen10 compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6600"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.0.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.2.0"
},
{
"model": "proliant bl460c gen10 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl320e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant ml110 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl420c gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4.0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.4"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.4"
},
{
"model": "proliant ml350 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant microserver gen8",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl580 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1"
},
{
"model": "xeon processor d-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "sgi uv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "30000"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.1"
},
{
"model": "proliant sl170s g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "ucs e-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v60"
},
{
"model": "proliant bl660c gen8 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "300h",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "core i5 processor",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant dl560 gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380p gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.1.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "windows rt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.3.0"
},
{
"model": "proliant xl270d gen9 accelerator tray 2u configure-to-order serv",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.3.0"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.4.1"
},
{
"model": "proliant sl390s g7 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl230a gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xeon processor e3 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant xl730f gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "virtual machine manager",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "proliant bl460c gen9 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl60 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1.5"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.6.3"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v20"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "34000"
},
{
"model": "proliant dl120 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.1"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1.2"
},
{
"model": "xeon processor e7 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "software guard extensions",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "synergy gen9 special compute module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6200"
},
{
"model": "proliant bl2x220c g6 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant xl740f gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl3100 g3 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl2100 g3 807s sff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "80"
},
{
"model": "proliant xl230k gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "cloudline cl2200 g3 12g 1211r 12lff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.1"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "7.0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0.7"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "3.2.1"
},
{
"model": "enterprise linux for power",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "97"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "cloudline cl3150 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.2"
},
{
"model": "proliant xl170r gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl380 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "core m processor family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "10.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.5.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.1.2"
},
{
"model": "proliant dl120 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "xeon processor e5 family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "300rl",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "cloudline cl2100 g3 407s lff",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "40"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "xeon processor series",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "65000"
},
{
"model": "proliant dl80 gen9 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "proliant ml310e gen8 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant dl160 g6 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "proliant bl465c g7 server blade",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "NVD",
"id": "CVE-2018-3620"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "148941"
},
{
"db": "PACKETSTORM",
"id": "148907"
},
{
"db": "PACKETSTORM",
"id": "148901"
},
{
"db": "PACKETSTORM",
"id": "148898"
},
{
"db": "PACKETSTORM",
"id": "149142"
},
{
"db": "PACKETSTORM",
"id": "148899"
}
],
"trust": 0.6
},
"cve": "CVE-2018-3620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2018-3620",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-133651",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.1,
"id": "CVE-2018-3620",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3620",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-133651",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-3620",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133651"
},
{
"db": "VULMON",
"id": "CVE-2018-3620"
},
{
"db": "NVD",
"id": "CVE-2018-3620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM. Multiple Intel Processors are prone to a multiple information-disclosure vulnerabilities. \nLocal attackers can exploit these issues to obtain sensitive information. This may aid in further attacks. Intel Core i3 processor, etc. are all CPU (central processing unit) products of Intel Corporation of the United States. The following products are affected: Intel Core i3 processor; Intel Core i5 processor; Intel Core i7 processor; Intel Core M processor family; 2nd generation Intel Core processors; 3rd generation Intel Core processors; 4th generation Intel Core processors; 5th generation Intel Core processors, etc. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. 7) - noarch, x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n(BZ#1594915)\n\n4. \n\nBug Fix(es):\n\n* Due to a bug in a CPU\u0027s speculative execution engine, the CPU could\npreviously leak data from other processes on the system, including\npasswords, encryption keys, or other sensitive information. With this\nupdate, the kernel build requirements have been updated to the GNU Compiler\nCollection (GCC) compiler version that has the support for Expoline for IBM\nz Systems. As a result, data leak no longer occurs under the described\ncircumstances. (BZ#1577761)\n\n4. 6) - i386, x86_64\n\n3. \n\nBug Fix(es):\n\n* The Least recently used (LRU) operations are batched by caching pages in\nper-cpu page vectors to prevent contention of the heavily used lru_lock\nspinlock. The page vectors can hold even the compound pages. Previously,\nthe page vectors were cleared only if they were full. Subsequently, the\namount of memory held in page vectors, which is not reclaimable, was\nsometimes too high. Consequently the page reclamation started the Out of\nMemory (OOM) killing processes. With this update, the underlying source\ncode has been fixed to clear LRU page vectors each time when a compound\npage is added to them. As a result, OOM killing processes due to high\namounts of memory held in page vectors no longer occur. (BZ#1575819)\n\n4. =========================================================================\nUbuntu Security Notice USN-3741-2\nAugust 14, 2018\n\nlinux-lts-xenial, linux-aws vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS. \n\nIt was discovered that memory present in the L1 data cache of an Intel CPU\ncore may be exposed to a malicious process that is executing on the CPU\ncore. A local\nattacker in a guest virtual machine could use this to expose sensitive\ninformation (memory from other guests or the host OS). (CVE-2018-3646)\n\nIt was discovered that memory present in the L1 data cache of an Intel CPU\ncore may be exposed to a malicious process that is executing on the CPU\ncore. A remote attacker could use this to cause a\ndenial of service. (CVE-2018-5390)\n\nJuha-Matti Tilli discovered that the IP implementation in the Linux kernel\nperformed algorithmically expensive operations in some situations when\nhandling incoming packet fragments. A remote attacker could use this to\ncause a denial of service. (CVE-2018-5391)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n linux-image-4.4.0-1027-aws 4.4.0-1027.30\n linux-image-4.4.0-133-generic 4.4.0-133.159~14.04.1\n linux-image-4.4.0-133-generic-lpae 4.4.0-133.159~14.04.1\n linux-image-4.4.0-133-lowlatency 4.4.0-133.159~14.04.1\n linux-image-4.4.0-133-powerpc-e500mc 4.4.0-133.159~14.04.1\n linux-image-4.4.0-133-powerpc-smp 4.4.0-133.159~14.04.1\n linux-image-4.4.0-133-powerpc64-emb 4.4.0-133.159~14.04.1\n linux-image-4.4.0-133-powerpc64-smp 4.4.0-133.159~14.04.1\n linux-image-aws 4.4.0.1027.27\n linux-image-generic-lpae-lts-xenial 4.4.0.133.113\n linux-image-generic-lts-xenial 4.4.0.133.113\n linux-image-lowlatency-lts-xenial 4.4.0.133.113\n linux-image-powerpc-e500mc-lts-xenial 4.4.0.133.113\n linux-image-powerpc-smp-lts-xenial 4.4.0.133.113\n linux-image-powerpc64-emb-lts-xenial 4.4.0.133.113\n linux-image-powerpc64-smp-lts-xenial 4.4.0.133.113\n\nPlease note that the recommended mitigation for CVE-2018-3646 involves\nupdating processor microcode in addition to updating the kernel;\nhowever, the kernel includes a fallback for processors that have not\nreceived microcode updates. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2018:2384-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2384\nIssue date: 2018-08-14\nCVE Names: CVE-2017-13215 CVE-2018-3620 CVE-2018-3646\n CVE-2018-3693 CVE-2018-5390 CVE-2018-7566\n CVE-2018-10675\n====================================================================\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* Modern operating systems implement virtualization of physical memory to\nefficiently use available system resources and provide inter-domain\nprotection through access control and isolation. The L1TF issue was found\nin the way the x86 microprocessor designs have implemented speculative\nexecution of instructions (a commonly used performance optimisation) in\ncombination with handling of page-faults caused by terminated virtual to\nphysical address resolving process. As a result, an unprivileged attacker\ncould use this flaw to read privileged memory of the kernel or other\nprocesses and/or cross guest/host boundaries to read host memory by\nconducting targeted cache side-channel attacks. (CVE-2018-3620,\nCVE-2018-3646)\n\n* An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions past bounds\ncheck. The flaw relies on the presence of a precisely-defined instruction\nsequence in the privileged code and the fact that memory writes occur to an\naddress which depends on the untrusted value. Such writes cause an update\ninto the microprocessor\u0027s data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to influence speculative\nexecution and/or read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3693)\n\n* A flaw named SegmentSmack was found in the way the Linux kernel handled\nspecially crafted TCP packets. A remote attacker could use this flaw to\ntrigger time and calculation expensive calls to tcp_collapse_ofo_queue()\nand tcp_prune_ofo_queue() functions by sending specially modified packets\nwithin ongoing TCP sessions which could lead to a CPU saturation and hence\na denial of service on the system. Maintaining the denial of service\ncondition requires continuous two-way TCP sessions to a reachable open\nport, thus the attacks cannot be performed using spoofed IP addresses. \n(CVE-2018-5390)\n\n* kernel: crypto: privilege escalation in skcipher_recvmsg function\n(CVE-2017-13215)\n\n* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS\nor other unspecified impact (CVE-2018-10675)\n\n* kernel: race condition in snd_seq_write() may lead to UAF or OOB access\n(CVE-2018-7566)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Intel OSSIRT (Intel.com) for reporting\nCVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl\nWaldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and\nJuha-Matti Tilli (Aalto University, Department of Communications and\nNetworking and Nokia Bell Labs) for reporting CVE-2018-5390. \n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of the bug fixes in this advisory. See the\ndescriptions in the related Knowledge Article:\n\nhttps://access.redhat.com/articles/3527791\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1535173 - CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function\n1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access\n1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact\n1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store\n1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)\n1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkernel-3.10.0-862.11.6.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm\nkernel-doc-3.10.0-862.11.6.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-devel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-headers-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm\nperf-3.10.0-862.11.6.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkernel-3.10.0-862.11.6.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm\nkernel-doc-3.10.0-862.11.6.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-devel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-headers-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm\nperf-3.10.0-862.11.6.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkernel-3.10.0-862.11.6.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm\nkernel-doc-3.10.0-862.11.6.el7.noarch.rpm\n\nppc64:\nkernel-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-debug-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-devel-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-headers-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-tools-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-862.11.6.el7.ppc64.rpm\nperf-3.10.0-862.11.6.el7.ppc64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\npython-perf-3.10.0-862.11.6.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\n\nppc64le:\nkernel-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm\nperf-3.10.0-862.11.6.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\npython-perf-3.10.0-862.11.6.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\n\ns390x:\nkernel-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debug-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm\nkernel-devel-3.10.0-862.11.6.el7.s390x.rpm\nkernel-headers-3.10.0-862.11.6.el7.s390x.rpm\nkernel-kdump-3.10.0-862.11.6.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm\nperf-3.10.0-862.11.6.el7.s390x.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\npython-perf-3.10.0-862.11.6.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\n\nx86_64:\nkernel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-devel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-headers-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm\nperf-3.10.0-862.11.6.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm\nkernel-doc-3.10.0-862.11.6.el7.noarch.rpm\n\nppc64le:\nkernel-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm\nperf-3.10.0-862.11.6.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\npython-perf-3.10.0-862.11.6.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\n\ns390x:\nkernel-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debug-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm\nkernel-devel-3.10.0-862.11.6.el7.s390x.rpm\nkernel-headers-3.10.0-862.11.6.el7.s390x.rpm\nkernel-kdump-3.10.0-862.11.6.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm\nperf-3.10.0-862.11.6.el7.s390x.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\npython-perf-3.10.0-862.11.6.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm\n\nppc64le:\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\nnoarch:\nkernel-doc-3.10.0-862.11.6.el7.noarch.rpm\n\nppc64le:\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkernel-3.10.0-862.11.6.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm\nkernel-doc-3.10.0-862.11.6.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-devel-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-headers-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm\nperf-3.10.0-862.11.6.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-13215\nhttps://access.redhat.com/security/cve/CVE-2018-3620\nhttps://access.redhat.com/security/cve/CVE-2018-3646\nhttps://access.redhat.com/security/cve/CVE-2018-3693\nhttps://access.redhat.com/security/cve/CVE-2018-5390\nhttps://access.redhat.com/security/cve/CVE-2018-7566\nhttps://access.redhat.com/security/cve/CVE-2018-10675\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/L1TF\nhttps://access.redhat.com/articles/3527791\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW3MjONzjgjWX9erEAQioYA/9Ge//K50oCrGaDEMuI2PHYLcztiZt9meh\nC578LP6sC/HT17VAbV8C+Tvy9QBCU80t4mGU4GOPu8Q5HzZQv45n0NtdRTGCC+yb\nA1bFcf0vhXIALNsuDEZN9g5SwUBapxkRoh43R+E7ITCQWp0XIPaSjYgGNqpTTuD/\nlxRCzc10HhxW+pUY+ERFcK6c0poc14FtSqM3GqZe10FhkykdIlmngFjkthjzefXO\ndUkYDy53G+iAdTrVFI03h3Wt+UBMmNwKtu8ydqtAxZ0zDZIP5ijASOtM4mlf77ec\nVsNn7OWythkpTcpa+Sh5+dk6DK+lU2vziVsEocYNpzB+T/aHC9n/+I8ibfp3B4DC\nk4lYqZJQDFR2jVABjkOVS9dWFlOYKFmU2JBwsqdRvt3rgVFXEH3n5OQydHGFskmP\nNFwDbRAFlwo3zjd9KuiQzdFTOensc35+eSHykY8nxY2hGMH5gGccShFL4C7N2mtx\ns8JnzA/Zj00VHMg8qIHGfQ7RSd/xyEJ5vn87WZcTshTNli6x1/0VnzpTKG85Ga+K\nS2EJDXFP9LqCT98TL1RDJmCTtfDjU3I/gbgu5xFaofQZfV48qAUomUQ2E+MhQAOX\neBr/OvlfFP8HEwVEJBDtXKxxs1LgmjTSqOtfP8AvS5zI9/Y6o56i0d7Ng1CcaGKP\nlZgWJhC3Yik=i4St\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These CVEs are security vulnerabilities \ncaused by flaws in the design of speculative execution hardware in the \ncomputer\u0027s CPU. \n\nDetails on the vulnerability and our response can be found here:\nhttps://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF\n\nDue to the high complexity of the fixes and the need for a corresponding\nCPU microcode update for a complete fix, we are unable to livepatch these\nCVEs. Please plan to reboot into an updated kernel as soon as possible. \n\nReferences:\n CVE-2018-3620, and CVE-2018-3646\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201810-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Xen: Multiple vulnerabilities\n Date: October 30, 2018\n Bugs: #643350, #655188, #655544, #659442\n ID: 201810-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncould cause a Denial of Service condition. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/xen \u003c 4.10.1-r2 \u003e= 4.10.1-r2\n 2 app-emulation/xen-tools \u003c 4.10.1-r2 \u003e= 4.10.1-r2\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nreferenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.10.1-r2\"\n\nAll Xen tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.10.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-5715\n https://nvd.nist.gov/vuln/detail/CVE-2017-5715\n[ 2 ] CVE-2017-5753\n https://nvd.nist.gov/vuln/detail/CVE-2017-5753\n[ 3 ] CVE-2017-5754\n https://nvd.nist.gov/vuln/detail/CVE-2017-5754\n[ 4 ] CVE-2018-10471\n https://nvd.nist.gov/vuln/detail/CVE-2018-10471\n[ 5 ] CVE-2018-10472\n https://nvd.nist.gov/vuln/detail/CVE-2018-10472\n[ 6 ] CVE-2018-10981\n https://nvd.nist.gov/vuln/detail/CVE-2018-10981\n[ 7 ] CVE-2018-10982\n https://nvd.nist.gov/vuln/detail/CVE-2018-10982\n[ 8 ] CVE-2018-12891\n https://nvd.nist.gov/vuln/detail/CVE-2018-12891\n[ 9 ] CVE-2018-12892\n https://nvd.nist.gov/vuln/detail/CVE-2018-12892\n[ 10 ] CVE-2018-12893\n https://nvd.nist.gov/vuln/detail/CVE-2018-12893\n[ 11 ] CVE-2018-15468\n https://nvd.nist.gov/vuln/detail/CVE-2018-15468\n[ 12 ] CVE-2018-15469\n https://nvd.nist.gov/vuln/detail/CVE-2018-15469\n[ 13 ] CVE-2018-15470\n https://nvd.nist.gov/vuln/detail/CVE-2018-15470\n[ 14 ] CVE-2018-3620\n https://nvd.nist.gov/vuln/detail/CVE-2018-3620\n[ 15 ] CVE-2018-3646\n https://nvd.nist.gov/vuln/detail/CVE-2018-3646\n[ 16 ] CVE-2018-5244\n https://nvd.nist.gov/vuln/detail/CVE-2018-5244\n[ 17 ] CVE-2018-7540\n https://nvd.nist.gov/vuln/detail/CVE-2018-7540\n[ 18 ] CVE-2018-7541\n https://nvd.nist.gov/vuln/detail/CVE-2018-7541\n[ 19 ] CVE-2018-7542\n https://nvd.nist.gov/vuln/detail/CVE-2018-7542\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201810-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3620"
},
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "VULHUB",
"id": "VHN-133651"
},
{
"db": "VULMON",
"id": "CVE-2018-3620"
},
{
"db": "PACKETSTORM",
"id": "148941"
},
{
"db": "PACKETSTORM",
"id": "148907"
},
{
"db": "PACKETSTORM",
"id": "148901"
},
{
"db": "PACKETSTORM",
"id": "148898"
},
{
"db": "PACKETSTORM",
"id": "148916"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149142"
},
{
"db": "PACKETSTORM",
"id": "148899"
},
{
"db": "PACKETSTORM",
"id": "148934"
},
{
"db": "PACKETSTORM",
"id": "150083"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-133651",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133651"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3620",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#982149",
"trust": 2.3
},
{
"db": "BID",
"id": "105080",
"trust": 1.5
},
{
"db": "SIEMENS",
"id": "SSA-608355",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-254686",
"trust": 1.2
},
{
"db": "LENOVO",
"id": "LEN-24163",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1041451",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "149142",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148934",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148916",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148901",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148913",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148941",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148946",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148976",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148903",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148897",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148914",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150376",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148936",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148912",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149143",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149010",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148902",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-133651",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-3620",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148907",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148898",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148899",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150083",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "VULHUB",
"id": "VHN-133651"
},
{
"db": "VULMON",
"id": "CVE-2018-3620"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "PACKETSTORM",
"id": "148941"
},
{
"db": "PACKETSTORM",
"id": "148907"
},
{
"db": "PACKETSTORM",
"id": "148901"
},
{
"db": "PACKETSTORM",
"id": "148898"
},
{
"db": "PACKETSTORM",
"id": "148916"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149142"
},
{
"db": "PACKETSTORM",
"id": "148899"
},
{
"db": "PACKETSTORM",
"id": "148934"
},
{
"db": "PACKETSTORM",
"id": "150083"
},
{
"db": "NVD",
"id": "CVE-2018-3620"
}
]
},
"id": "VAR-201808-0958",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-133651"
}
],
"trust": 0.8258663754545454
},
"last_update_date": "2024-11-29T20:39:00.692000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Important: rhev-hypervisor7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182404 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182603 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182602 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182389 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182388 - Security Advisory"
},
{
"title": "Red Hat: Important: redhat-virtualization-host security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182403 - Security Advisory"
},
{
"title": "Red Hat: Important: rhvm-appliance security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182402 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4279-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=dac4eea76febd76490afc049b9aa11cb"
},
{
"title": "Debian Security Advisories: DSA-4274-1 xen -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2129055bb51ebf11b86d56acef7f5da1"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182391 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182392 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182393 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel-rt security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182396 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182387 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3823-1"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182394 - Security Advisory"
},
{
"title": "Red Hat: CVE-2018-3620",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-3620"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2018-3620"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3740-1"
},
{
"title": "Ubuntu Security Notice: linux-hwe, linux-azure, linux-gcp vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3740-2"
},
{
"title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-2"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-1"
},
{
"title": "Ubuntu Security Notice: linux regressions",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-3"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182390 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2018-1058",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1058"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-1"
},
{
"title": "Ubuntu Security Notice: linux-lts-trusty vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-2"
},
{
"title": "Ubuntu Security Notice: linux-lts-trusty regressions",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-3"
},
{
"title": "Amazon Linux 2: ALAS2-2018-1058",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2018-1058"
},
{
"title": "Red Hat: Important: kernel-rt security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182395 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182384 - Security Advisory"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ba953f0879f87a755234bc0818c99c6d"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=deca5f6210b098f58ce384c28747b82c"
},
{
"title": "Cisco: CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180814-cpusidechannel"
},
{
"title": "Huawei Security Advisories: Security Advisory - CPU Side Channel Vulnerability \"L1TF\"",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=28eb43a14c12e8c070afa60d55f86b55"
},
{
"title": "Citrix Security Bulletins: XenServer Multiple Security Updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=89d06253986d1cdae0f8d9ffbff97d18"
},
{
"title": "Palo Alto Networks Security Advisory: PAN-SA-2018-0011 Information about L1 Terminal Fault findings",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=74b853f8cd89b12964ff841924244a71"
},
{
"title": "https://github.com/houseofxyz/CVE-2020-17382",
"trust": 0.1,
"url": "https://github.com/houseofxyz/CVE-2020-17382 "
},
{
"title": "https://github.com/blitz/l1tf-demo",
"trust": 0.1,
"url": "https://github.com/blitz/l1tf-demo "
},
{
"title": "Overview\nUsage\nContributing",
"trust": 0.1,
"url": "https://github.com/microsoft/SpeculationControl "
},
{
"title": "Overview\nUsage\nContributing",
"trust": 0.1,
"url": "https://github.com/Microsoft/SpeculationControl "
},
{
"title": "Livepatch overlay",
"trust": 0.1,
"url": "https://github.com/aliceinwire/elivepatch-overlay "
},
{
"title": "Livepatch overlay",
"trust": 0.1,
"url": "https://github.com/elivepatch/livepatch-overlay "
},
{
"title": "Network Configuration\nOS-independent",
"trust": 0.1,
"url": "https://github.com/interlunar/win10-regtweak "
},
{
"title": "SpecuCheck",
"trust": 0.1,
"url": "https://github.com/ionescu007/SpecuCheck "
},
{
"title": "Spectre \u0026 Meltdown Checker",
"trust": 0.1,
"url": "https://github.com/rosenbergj/cpu-report "
},
{
"title": "Transient Execution Attack Pot",
"trust": 0.1,
"url": "https://github.com/github-3rr0r/TEApot "
},
{
"title": "Transient Execution Attack Pot",
"trust": 0.1,
"url": "https://github.com/Mashiro1995/TEApot "
},
{
"title": "cSpeculationControlFixes",
"trust": 0.1,
"url": "https://github.com/poshsecurity/cSpeculationControlFixes "
},
{
"title": "meltdown",
"trust": 0.1,
"url": "https://github.com/timidri/puppet-meltdown "
},
{
"title": "Spectre \u0026 Meltdown Checker",
"trust": 0.1,
"url": "https://github.com/edsonjt81/spectre-meltdown "
},
{
"title": "Spectre \u0026 Meltdown Checker",
"trust": 0.1,
"url": "https://github.com/merlinepedra25/spectre-meltdown-checker "
},
{
"title": "Spectre \u0026 Meltdown Checker",
"trust": 0.1,
"url": "https://github.com/merlinepedra/spectre-meltdown-checker "
},
{
"title": "Spectre \u0026 Meltdown Checker\nspectre-meltdown-checker\nspectre-meltdown-checker",
"trust": 0.1,
"url": "https://github.com/kali973/spectre-meltdown-checker "
},
{
"title": "Spectre \u0026 Meltdown Checker",
"trust": 0.1,
"url": "https://github.com/kin-cho/my-spectre-meltdown-checker "
},
{
"title": "Hyperbleed - Current state of spectre-BTI mitigations on cloud",
"trust": 0.1,
"url": "https://github.com/es0j/hyperbleed "
},
{
"title": "Spectre \u0026 Meltdown Checker",
"trust": 0.1,
"url": "https://github.com/speed47/spectre-meltdown-checker "
},
{
"title": "Hardware and Firmware Security Guidance",
"trust": 0.1,
"url": "https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance "
},
{
"title": "Kaosagnt\u0027s Ansible Everyday Utils",
"trust": 0.1,
"url": "https://github.com/kaosagnt/ansible-everyday "
},
{
"title": "Hardware attacks / State of the art",
"trust": 0.1,
"url": "https://github.com/codexlynx/hardware-attacks-state-of-the-art "
},
{
"title": "SecDB - Security Feeds",
"trust": 0.1,
"url": "https://github.com/giterlizzi/secdb-feeds "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/08/15/foreshadow_sgx_software_attestations_collateral_damage/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/08/14/intel_l1_terminal_fault_bugs/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3620"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133651"
},
{
"db": "NVD",
"id": "CVE-2018-3620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
},
{
"trust": 2.0,
"url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
},
{
"trust": 2.0,
"url": "https://foreshadowattack.eu/"
},
{
"trust": 1.6,
"url": "https://www.kb.cert.org/vuls/id/982149"
},
{
"trust": 1.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180814-cpusidechannel"
},
{
"trust": 1.5,
"url": "http://xenbits.xen.org/xsa/advisory-273.html"
},
{
"trust": 1.5,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180018"
},
{
"trust": 1.4,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03874en_us"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:2384"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:2388"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:2390"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:2395"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:2403"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:2404"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:2602"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/105080"
},
{
"trust": 1.2,
"url": "http://support.lenovo.com/us/en/solutions/len-24163"
},
{
"trust": 1.2,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
},
{
"trust": 1.2,
"url": "http://www.vmware.com/security/advisories/vmsa-2018-0021.html"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"trust": 1.2,
"url": "https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0"
},
{
"trust": 1.2,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0009"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
},
{
"trust": 1.2,
"url": "https://support.f5.com/csp/article/k95275140"
},
{
"trust": 1.2,
"url": "https://www.synology.com/support/security/synology_sa_18_45"
},
{
"trust": 1.2,
"url": "https://www.debian.org/security/2018/dsa-4274"
},
{
"trust": 1.2,
"url": "https://www.debian.org/security/2018/dsa-4279"
},
{
"trust": 1.2,
"url": "https://security.freebsd.org/advisories/freebsd-sa-18:09.l1tf.asc"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2387"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2389"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2391"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2392"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2393"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2394"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2396"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2402"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2603"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1041451"
},
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/3740-1/"
},
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/3740-2/"
},
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/3741-1/"
},
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/3741-2/"
},
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/3742-1/"
},
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/3742-2/"
},
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/3823-1/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xrfkqwyv2h4bv75cungcge5tnvqclbgz/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/v4uwgorqwcencif2bhwuef2odbv75qs2/"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3620"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2018-3620"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2018-3646"
},
{
"trust": 0.8,
"url": "https://www.usenix.org/conference/usenixsecurity18/presentation/bulck"
},
{
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html"
},
{
"trust": 0.8,
"url": "https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/vulnerabilities/l1tf"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5390"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/homepage.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585005"
},
{
"trust": 0.3,
"url": "http://xenbits.xenproject.org/xsa/advisory-289.html"
},
{
"trust": 0.3,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_45"
},
{
"trust": 0.3,
"url": "https://www.vmware.com/in/security/advisories/vmsa-2018-0020.html"
},
{
"trust": 0.3,
"url": "https://www.vmware.com/in/security/advisories/vmsa-2018-0021.html"
},
{
"trust": 0.3,
"url": "http://xenbits.xenproject.org/xsa/advisory-289.txt"
},
{
"trust": 0.3,
"url": "https://support.citrix.com/article/ctx236548"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-5390"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-7566"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7566"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-3693"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3693"
},
{
"trust": 0.3,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/l1tf"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13215"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-13215"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10675"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10675"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5391"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03874en_us"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xrfkqwyv2h4bv75cungcge5tnvqclbgz/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/v4uwgorqwcencif2bhwuef2odbv75qs2/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/203.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/blitz/l1tf-demo"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0861"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-0861"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000004"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10901"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1027.30"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3741-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-133.159~14.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3741-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1017.18~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-32.35~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1021.21~16.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3740-2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3740-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3527791"
},
{
"trust": 0.1,
"url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5244"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7542"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5754"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15468"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15470"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7541"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7540"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "VULHUB",
"id": "VHN-133651"
},
{
"db": "VULMON",
"id": "CVE-2018-3620"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "PACKETSTORM",
"id": "148941"
},
{
"db": "PACKETSTORM",
"id": "148907"
},
{
"db": "PACKETSTORM",
"id": "148901"
},
{
"db": "PACKETSTORM",
"id": "148898"
},
{
"db": "PACKETSTORM",
"id": "148916"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149142"
},
{
"db": "PACKETSTORM",
"id": "148899"
},
{
"db": "PACKETSTORM",
"id": "148934"
},
{
"db": "PACKETSTORM",
"id": "150083"
},
{
"db": "NVD",
"id": "CVE-2018-3620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#982149"
},
{
"db": "VULHUB",
"id": "VHN-133651"
},
{
"db": "VULMON",
"id": "CVE-2018-3620"
},
{
"db": "BID",
"id": "105080"
},
{
"db": "PACKETSTORM",
"id": "148941"
},
{
"db": "PACKETSTORM",
"id": "148907"
},
{
"db": "PACKETSTORM",
"id": "148901"
},
{
"db": "PACKETSTORM",
"id": "148898"
},
{
"db": "PACKETSTORM",
"id": "148916"
},
{
"db": "PACKETSTORM",
"id": "148913"
},
{
"db": "PACKETSTORM",
"id": "149142"
},
{
"db": "PACKETSTORM",
"id": "148899"
},
{
"db": "PACKETSTORM",
"id": "148934"
},
{
"db": "PACKETSTORM",
"id": "150083"
},
{
"db": "NVD",
"id": "CVE-2018-3620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-15T00:00:00",
"db": "CERT/CC",
"id": "VU#982149"
},
{
"date": "2018-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-133651"
},
{
"date": "2018-08-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3620"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105080"
},
{
"date": "2018-08-15T17:16:28",
"db": "PACKETSTORM",
"id": "148941"
},
{
"date": "2018-08-15T04:40:44",
"db": "PACKETSTORM",
"id": "148907"
},
{
"date": "2018-08-15T04:37:56",
"db": "PACKETSTORM",
"id": "148901"
},
{
"date": "2018-08-15T04:37:29",
"db": "PACKETSTORM",
"id": "148898"
},
{
"date": "2018-08-15T04:42:57",
"db": "PACKETSTORM",
"id": "148916"
},
{
"date": "2018-08-15T04:42:40",
"db": "PACKETSTORM",
"id": "148913"
},
{
"date": "2018-08-30T23:36:28",
"db": "PACKETSTORM",
"id": "149142"
},
{
"date": "2018-08-15T04:37:37",
"db": "PACKETSTORM",
"id": "148899"
},
{
"date": "2018-08-14T19:02:22",
"db": "PACKETSTORM",
"id": "148934"
},
{
"date": "2018-10-31T01:14:40",
"db": "PACKETSTORM",
"id": "150083"
},
{
"date": "2018-08-14T19:29:00.793000",
"db": "NVD",
"id": "CVE-2018-3620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#982149"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-133651"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3620"
},
{
"date": "2019-01-24T11:00:00",
"db": "BID",
"id": "105080"
},
{
"date": "2024-11-21T04:05:47.007000",
"db": "NVD",
"id": "CVE-2018-3620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105080"
},
{
"db": "PACKETSTORM",
"id": "148916"
},
{
"db": "PACKETSTORM",
"id": "148913"
}
],
"trust": 0.5
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)",
"sources": [
{
"db": "CERT/CC",
"id": "VU#982149"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "105080"
}
],
"trust": 0.3
}
}
var-201712-0172
Vulnerability from variot
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in "wpad" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network "wpad" And "isatap" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In "wpad" And "isatap" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server Has been considered a problem But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker "wpad" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. Internet Explorer Contains a vulnerability in the execution of arbitrary code in the context of the current user due to a flaw in handling objects in memory. Vendors have scripted this vulnerability It has been released as “Engine Memory Corruption Vulnerability”. This vulnerability CVE-2017-11886 , CVE-2017-11889 , CVE-2017-11893 , CVE-2017-11894 , CVE-2017-11895 , CVE-2017-11901 , CVE-2017-11903 , CVE-2017-11905 , CVE-2017-11907 , CVE-2017-11908 , CVE-2017-11909 , CVE-2017-11910 , CVE-2017-11911 , CVE-2017-11912 , CVE-2017-11913 , CVE-2017-11914 , CVE-2017-11916 , CVE-2017-11918 and CVE-2017-11930 Is a different vulnerability.An attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Microsoft Internet Explorer are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Failed attacks will cause denial of service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "9"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "11"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "10"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adtran",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mikrotik",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pi hole",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tippingpoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wpad",
"scope": "eq",
"trust": 0.3,
"vendor": "wpad",
"version": "0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "0"
},
{
"model": "router manager",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "1.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.2"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "6.1"
},
{
"model": "dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "5.2"
},
{
"model": "total access 900/900e series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "sdx 810-rg",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "netvanta",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "60000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "6000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "5000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "4000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "3000"
},
{
"model": "netvanta series",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "10000"
},
{
"model": "aos r13.2.2",
"scope": null,
"trust": 0.3,
"vendor": "adtran",
"version": null
},
{
"model": "434rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "424rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "414rg ont",
"scope": "eq",
"trust": 0.3,
"vendor": "adtran",
"version": "0"
},
{
"model": "router manager",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "1.1.7-6941-2"
},
{
"model": "dsm",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "6.2.1-23824"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102082"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-398"
},
{
"db": "NVD",
"id": "CVE-2017-11890"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11890"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ossi Salmi, Mika Seppanen, Marko Laakso and Kasper Kyllonen of Arctic Security",
"sources": [
{
"db": "BID",
"id": "105298"
}
],
"trust": 0.3
},
"cve": "CVE-2017-11890",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2017-11890",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11890",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11890",
"trust": 1.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-398",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-11890",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11890"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-398"
},
{
"db": "NVD",
"id": "CVE-2017-11890"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in \"wpad\" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network \"wpad\" And \"isatap\" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In \"wpad\" And \"isatap\" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server \u003ca href=\"https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html\"target=\"blank\"\u003e Has been considered a problem \u003c/a\u003e But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker \"wpad\" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. Internet Explorer Contains a vulnerability in the execution of arbitrary code in the context of the current user due to a flaw in handling objects in memory. Vendors have scripted this vulnerability It has been released as \u201cEngine Memory Corruption Vulnerability\u201d. This vulnerability CVE-2017-11886 , CVE-2017-11889 , CVE-2017-11893 , CVE-2017-11894 , CVE-2017-11895 , CVE-2017-11901 , CVE-2017-11903 , CVE-2017-11905 , CVE-2017-11907 , CVE-2017-11908 , CVE-2017-11909 , CVE-2017-11910 , CVE-2017-11911 , CVE-2017-11912 , CVE-2017-11913 , CVE-2017-11914 , CVE-2017-11916 , CVE-2017-11918 and CVE-2017-11930 Is a different vulnerability.An attacker could execute arbitrary code in the context of the current user. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Microsoft Internet Explorer are prone to a remote memory-corruption vulnerability. \nAttackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Failed attacks will cause denial of service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11890"
},
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102082"
},
{
"db": "VULMON",
"id": "CVE-2017-11890"
}
],
"trust": 3.69
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43369",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11890"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11890",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#598349",
"trust": 2.0
},
{
"db": "BID",
"id": "102082",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1039991",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "43369",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "43367",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99302544",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011095",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-398",
"trust": 0.6
},
{
"db": "BID",
"id": "105298",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2017-11890",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11890"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102082"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-398"
},
{
"db": "NVD",
"id": "CVE-2017-11890"
}
]
},
"id": "VAR-201712-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1625
},
"last_update_date": "2022-05-06T12:59:16.716000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11890 | Scripting Engine Memory Corruption Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11890"
},
{
"title": "CVE-2017-11890 | \u30b9\u30af\u30ea\u30d7\u30c8 \u30a8\u30f3\u30b8\u30f3\u306e\u30e1\u30e2\u30ea\u7834\u640d\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-11890"
},
{
"title": "Microsoft Windows Internet Explorer scripting Repair measures for engine security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77108"
},
{
"title": "js-vuln-db",
"trust": 0.1,
"url": "https://github.com/tunz/js-vuln-db "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-11890"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-398"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"db": "NVD",
"id": "CVE-2017-11890"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11890"
},
{
"trust": 1.6,
"url": "https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/102082"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/43369/"
},
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/598349"
},
{
"trust": 1.1,
"url": "https://supportforums.adtran.com/docs/doc-9269"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039991"
},
{
"trust": 0.8,
"url": "https://www.exploit-db.com/exploits/43367/"
},
{
"trust": 0.8,
"url": "https://community.ubnt.com/t5/unifi-updates-blog/usg-firmware-v4-4-28-now-available/ba-p/2482349"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99302544/"
},
{
"trust": 0.8,
"url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-019.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11890"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171213-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170048.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11890"
},
{
"trust": 0.3,
"url": "https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
},
{
"trust": 0.3,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_53"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11890"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102082"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-398"
},
{
"db": "NVD",
"id": "CVE-2017-11890"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#598349"
},
{
"db": "VULMON",
"id": "CVE-2017-11890"
},
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102082"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-398"
},
{
"db": "NVD",
"id": "CVE-2017-11890"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2017-12-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-11890"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2017-12-12T00:00:00",
"db": "BID",
"id": "102082"
},
{
"date": "2018-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2018-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"date": "2017-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-398"
},
{
"date": "2017-12-12T21:29:00",
"db": "NVD",
"id": "CVE-2017-11890"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-23T00:00:00",
"db": "CERT/CC",
"id": "VU#598349"
},
{
"date": "2017-12-26T00:00:00",
"db": "VULMON",
"id": "CVE-2017-11890"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105298"
},
{
"date": "2017-12-19T22:38:00",
"db": "BID",
"id": "102082"
},
{
"date": "2018-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014029"
},
{
"date": "2018-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011095"
},
{
"date": "2017-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-398"
},
{
"date": "2017-12-26T14:56:00",
"db": "NVD",
"id": "CVE-2017-11890"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "105298"
},
{
"db": "BID",
"id": "102082"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Automatic DNS registration and proxy autodiscovery allow spoofing of network services",
"sources": [
{
"db": "CERT/CC",
"id": "VU#598349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-398"
}
],
"trust": 0.6
}
}