Vulnerabilites related to netapp - hci_compute_node
CVE-2022-30594 (GCVE-0-2022-30594)
Vulnerability from cvelistv5
Published
2022-05-12 00:00
Modified
2024-08-03 06:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276"
},
{
"url": "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3"
},
{
"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220707-0001/"
},
{
"url": "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30594",
"datePublished": "2022-05-12T00:00:00",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-08-03T06:56:13.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19060 (GCVE-0-2019-19060)
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0 | x_refsource_MISC | |
| https://usn.ubuntu.com/4208-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4210-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4226-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4364-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0"
},
{
"name": "USN-4208-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"name": "USN-4210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4210-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "USN-4226-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4226-1/"
},
{
"name": "USN-4364-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4364-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T02:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0"
},
{
"name": "USN-4208-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"name": "USN-4210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4210-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "USN-4226-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4226-1/"
},
{
"name": "USN-4364-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4364-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"name": "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0"
},
{
"name": "USN-4208-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"name": "USN-4210-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4210-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2019:2675",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "USN-4226-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4226-1/"
},
{
"name": "USN-4364-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4364-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19060",
"datePublished": "2019-11-18T05:24:01",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22897 (GCVE-0-2021-22897)
Vulnerability from cvelistv5
Published
2021-06-11 15:49
Modified
2024-08-03 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-840 - Business Logic Errors ()
Summary
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1172857 | x_refsource_MISC | |
| https://curl.se/docs/CVE-2021-22897.html | x_refsource_MISC | |
| https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210727-0007/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.61.0 through 7.76.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:24.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1172857"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.61.0 through 7.76.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors (CWE-840)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:53:46",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1172857"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.61.0 through 7.76.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Business Logic Errors (CWE-840)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1172857",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1172857"
},
{
"name": "https://curl.se/docs/CVE-2021-22897.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2021-22897.html"
},
{
"name": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511",
"refsource": "MISC",
"url": "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22897",
"datePublished": "2021-06-11T15:49:38",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:24.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25032 (GCVE-0-2018-25032)
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2025-05-06 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/03/24/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531"
},
{
"name": "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/2"
},
{
"name": "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/26/1"
},
{
"name": "DSA-5111",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5111"
},
{
"name": "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html"
},
{
"name": "FEDORA-2022-413a80a102",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/"
},
{
"name": "FEDORA-2022-dbd2935e44",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/"
},
{
"name": "FEDORA-2022-12b89e2aad",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/"
},
{
"name": "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "FEDORA-2022-61cf1c64f6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/madler/zlib/issues/605"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0009/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
},
{
"name": "FEDORA-2022-3a92250fd5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/"
},
{
"name": "FEDORA-2022-b58a85e167",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/"
},
{
"name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"
},
{
"name": "GLSA-202210-42",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-42"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-25032",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:25.795648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T14:19:53.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2022/03/24/1"
},
{
"url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531"
},
{
"name": "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/2"
},
{
"name": "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/26/1"
},
{
"name": "DSA-5111",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5111"
},
{
"name": "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html"
},
{
"name": "FEDORA-2022-413a80a102",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/"
},
{
"name": "FEDORA-2022-dbd2935e44",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/"
},
{
"name": "FEDORA-2022-12b89e2aad",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/"
},
{
"name": "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "FEDORA-2022-61cf1c64f6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/3"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/1"
},
{
"url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12"
},
{
"url": "https://github.com/madler/zlib/issues/605"
},
{
"url": "https://support.apple.com/kb/HT213257"
},
{
"url": "https://support.apple.com/kb/HT213256"
},
{
"url": "https://support.apple.com/kb/HT213255"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220526-0009/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
},
{
"name": "FEDORA-2022-3a92250fd5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/"
},
{
"name": "FEDORA-2022-b58a85e167",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/"
},
{
"name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"
},
{
"name": "GLSA-202210-42",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-42"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-25032",
"datePublished": "2022-03-25T00:00:00.000Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2025-05-06T14:19:53.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13631 (GCVE-0-2020-13631)
Vulnerability from cvelistv5
Published
2020-05-27 14:42
Modified
2024-08-04 12:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-0477f8840e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"name": "USN-4394-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/eca0ba2cf4c0fdf7"
},
{
"name": "GLSA-202007-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"name": "FreeBSD-SA-20:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211843"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211850"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211844"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211952"
},
{
"name": "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"name": "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211935"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T14:08:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2020-0477f8840e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"name": "USN-4394-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/eca0ba2cf4c0fdf7"
},
{
"name": "GLSA-202007-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"name": "FreeBSD-SA-20:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211843"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211850"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211844"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211952"
},
{
"name": "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"name": "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211935"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-0477f8840e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"name": "USN-4394-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"name": "https://sqlite.org/src/info/eca0ba2cf4c0fdf7",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/eca0ba2cf4c0fdf7"
},
{
"name": "GLSA-202007-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"name": "FreeBSD-SA-20:22",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"name": "https://support.apple.com/kb/HT211843",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211843"
},
{
"name": "https://support.apple.com/kb/HT211850",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211850"
},
{
"name": "https://support.apple.com/kb/HT211844",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211844"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://support.apple.com/kb/HT211931",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211931"
},
{
"name": "https://support.apple.com/kb/HT211952",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211952"
},
{
"name": "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"name": "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
},
{
"name": "https://support.apple.com/kb/HT211935",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211935"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13631",
"datePublished": "2020-05-27T14:42:28",
"dateReserved": "2020-05-27T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21502 (GCVE-0-2025-21502)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-02-07 11:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2025.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Java SE |
Version: Oracle Java SE:8u431-perf Version: Oracle Java SE:11.0.25 Version: Oracle Java SE:17.0.13 Version: Oracle Java SE:21.0.5 Version: Oracle Java SE:23.0.1 Version: Oracle GraalVM for JDK:17.0.13 Version: Oracle GraalVM for JDK:21.0.5 Version: Oracle GraalVM for JDK:23.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.16 Version: Oracle GraalVM Enterprise Edition:21.3.12 cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:29:12.677151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:37:41.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-07T11:02:33.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0009/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/25/6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00031.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:*",
"cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*"
],
"product": "Oracle Java SE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u431-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.25"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.13"
},
{
"status": "affected",
"version": "Oracle Java SE:21.0.5"
},
{
"status": "affected",
"version": "Oracle Java SE:23.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.13"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.5"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:23.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.16"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.12"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T20:52:56.446Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-21502",
"datePublished": "2025-01-21T20:52:56.446Z",
"dateReserved": "2024-12-24T23:18:54.763Z",
"dateUpdated": "2025-02-07T11:02:33.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38202 (GCVE-0-2021-38202)
Vulnerability from cvelistv5
Published
2021-08-08 19:25
Modified
2024-08-04 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T08:06:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"name": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38202",
"datePublished": "2021-08-08T19:25:59",
"dateReserved": "2021-08-08T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17006 (GCVE-0-2019-17006)
Vulnerability from cvelistv5
Published
2020-10-22 20:24
Modified
2024-08-05 01:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- missing length checks for cryptographic primitives
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes | x_refsource_MISC | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210129-0001/ | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NSS",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "3.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "missing length checks for cryptographic primitives",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:05:28",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-17006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.46"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "missing length checks for cryptographic primitives"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes",
"refsource": "MISC",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210129-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2019-17006",
"datePublished": "2020-10-22T20:24:25",
"dateReserved": "2019-09-30T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2048 (GCVE-0-2022-2048)
Vulnerability from cvelistv5
Published
2022-07-07 20:35
Modified
2024-08-03 00:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5198 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220901-0006/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2022/09/09/2 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.0 < unspecified Version: unspecified < Version: 10.0.0 < unspecified Version: unspecified < Version: 11.0.0 < unspecified Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"name": "DSA-5198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"name": "[oss-security] 20220909 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Jetty",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "9.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.4.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-410",
"description": "CWE-410",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:06:11",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"name": "DSA-5198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"name": "[oss-security] 20220909 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2022-2048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "9.4.0"
},
{
"version_affected": "\u003c=",
"version_value": "9.4.46"
},
{
"version_affected": "\u003e=",
"version_value": "10.0.0"
},
{
"version_affected": "\u003c=",
"version_value": "10.0.9"
},
{
"version_affected": "\u003e=",
"version_value": "11.0.0"
},
{
"version_affected": "\u003c=",
"version_value": "11.0.9"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-410"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-664"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"name": "DSA-5198",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220901-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"name": "[oss-security] 20220909 Vulnerability in Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2022-2048",
"datePublished": "2022-07-07T20:35:09",
"dateReserved": "2022-06-09T00:00:00",
"dateUpdated": "2024-08-03T00:24:43.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21540 (GCVE-0-2022-21540)
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2024-08-03 02:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u343 Version: Oracle Java SE:8u333 Version: Oracle Java SE:11.0.15.1 Version: Oracle Java SE:17.0.3.1 Version: Oracle Java SE:18.0.1.1 Version: Oracle GraalVM Enterprise Edition:20.3.6 Version: Oracle GraalVM Enterprise Edition:21.3.2 Version: Oracle GraalVM Enterprise Edition:22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u343"
},
{
"status": "affected",
"version": "Oracle Java SE:8u333"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.15.1"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.3.1"
},
{
"status": "affected",
"version": "Oracle Java SE:18.0.1.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.6"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-17T15:06:26.613438",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21540",
"datePublished": "2022-07-19T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:46:39.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38199 (GCVE-0-2021-38199)
Vulnerability from cvelistv5
Published
2021-08-08 19:27
Modified
2024-08-04 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2021/dsa-4978 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
},
{
"name": "DSA-4978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T00:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
},
{
"name": "DSA-4978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"name": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
},
{
"name": "DSA-4978",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38199",
"datePublished": "2021-08-08T19:27:50",
"dateReserved": "2021-08-08T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13630 (GCVE-0-2020-13630)
Vulnerability from cvelistv5
Published
2020-05-27 14:42
Modified
2024-08-04 12:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-0477f8840e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"name": "USN-4394-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/0d69f76f0865f962"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"name": "GLSA-202007-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"name": "FreeBSD-SA-20:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211843"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211850"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211844"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211952"
},
{
"name": "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"name": "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211935"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T14:07:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2020-0477f8840e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"name": "USN-4394-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/0d69f76f0865f962"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"name": "GLSA-202007-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"name": "FreeBSD-SA-20:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211843"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211850"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211844"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211952"
},
{
"name": "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"name": "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211935"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-0477f8840e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"name": "USN-4394-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"name": "https://sqlite.org/src/info/0d69f76f0865f962",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/0d69f76f0865f962"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"name": "GLSA-202007-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"name": "FreeBSD-SA-20:22",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"name": "https://support.apple.com/kb/HT211843",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211843"
},
{
"name": "https://support.apple.com/kb/HT211850",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211850"
},
{
"name": "https://support.apple.com/kb/HT211844",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211844"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://support.apple.com/kb/HT211931",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211931"
},
{
"name": "https://support.apple.com/kb/HT211952",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211952"
},
{
"name": "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"name": "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"name": "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
},
{
"name": "https://support.apple.com/kb/HT211935",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211935"
},
{
"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13630",
"datePublished": "2020-05-27T14:42:44",
"dateReserved": "2020-05-27T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21476 (GCVE-0-2022-21476)
Vulnerability from cvelistv5
Published
2022-04-19 20:38
Modified
2024-08-03 02:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220429-0006/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5128 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.debian.org/security/2022/dsa-5131 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u331"
},
{
"status": "affected",
"version": "Oracle Java SE:8u321"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.14"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.2"
},
{
"status": "affected",
"version": "Oracle Java SE:18"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-14T11:06:05",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java SE JDK and JRE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Oracle Java SE:7u331"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:8u321"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:11.0.14"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:17.0.2"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:18"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21476",
"datePublished": "2022-04-19T20:38:20",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:38:56.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13632 (GCVE-0-2020-13632)
Vulnerability from cvelistv5
Published
2020-05-27 14:42
Modified
2024-08-04 12:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/4394-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200608-0002/ | x_refsource_CONFIRM | |
| https://sqlite.org/src/info/a4dd148928ea65bd | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202007-26 | vendor-advisory, x_refsource_GENTOO | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-0477f8840e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"name": "USN-4394-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/a4dd148928ea65bd"
},
{
"name": "GLSA-202007-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"name": "FreeBSD-SA-20:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T14:07:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2020-0477f8840e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"name": "USN-4394-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/a4dd148928ea65bd"
},
{
"name": "GLSA-202007-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"name": "FreeBSD-SA-20:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-0477f8840e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"name": "USN-4394-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"name": "https://sqlite.org/src/info/a4dd148928ea65bd",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/a4dd148928ea65bd"
},
{
"name": "GLSA-202007-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"name": "FreeBSD-SA-20:22",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13632",
"datePublished": "2020-05-27T14:42:17",
"dateReserved": "2020-05-27T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12770 (GCVE-0-2020-12770)
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lkml.org/lkml/2020/4/13/870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
},
{
"name": "FEDORA-2020-4c69987c40",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
},
{
"name": "FEDORA-2020-c6b9fff7f8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
},
{
"name": "FEDORA-2020-5a69decc0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "USN-4413-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4413-1/"
},
{
"name": "USN-4411-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"name": "USN-4412-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4412-1/"
},
{
"name": "USN-4419-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4419-1/"
},
{
"name": "USN-4414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4414-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-29T18:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lkml.org/lkml/2020/4/13/870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
},
{
"name": "FEDORA-2020-4c69987c40",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
},
{
"name": "FEDORA-2020-c6b9fff7f8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
},
{
"name": "FEDORA-2020-5a69decc0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "USN-4413-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4413-1/"
},
{
"name": "USN-4411-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"name": "USN-4412-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4412-1/"
},
{
"name": "USN-4419-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4419-1/"
},
{
"name": "USN-4414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4414-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lkml.org/lkml/2020/4/13/870",
"refsource": "CONFIRM",
"url": "https://lkml.org/lkml/2020/4/13/870"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
},
{
"name": "FEDORA-2020-4c69987c40",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
},
{
"name": "FEDORA-2020-c6b9fff7f8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
},
{
"name": "FEDORA-2020-5a69decc0c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "USN-4413-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4413-1/"
},
{
"name": "USN-4411-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"name": "USN-4412-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4412-1/"
},
{
"name": "USN-4419-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4419-1/"
},
{
"name": "USN-4414-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4414-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12770",
"datePublished": "2020-05-09T20:16:36",
"dateReserved": "2020-05-09T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12888 (GCVE-0-2020-12888)
Vulnerability from cvelistv5
Published
2020-05-15 17:02
Modified
2024-08-04 12:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/"
},
{
"name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
},
{
"name": "FEDORA-2020-57bf620276",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
},
{
"name": "FEDORA-2020-5436586091",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "openSUSE-SU-2020:0935",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"name": "openSUSE-SU-2020:1153",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"name": "USN-4526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "USN-4525-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4525-1/"
},
{
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-31T17:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/"
},
{
"name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
},
{
"name": "FEDORA-2020-57bf620276",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
},
{
"name": "FEDORA-2020-5436586091",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "openSUSE-SU-2020:0935",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"name": "openSUSE-SU-2020:1153",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"name": "USN-4526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "USN-4525-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4525-1/"
},
{
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/",
"refsource": "MISC",
"url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/"
},
{
"name": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/",
"refsource": "MISC",
"url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/"
},
{
"name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
},
{
"name": "FEDORA-2020-57bf620276",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
},
{
"name": "FEDORA-2020-5436586091",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "openSUSE-SU-2020:0935",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"name": "openSUSE-SU-2020:1153",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"name": "USN-4526-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "USN-4525-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4525-1/"
},
{
"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12888",
"datePublished": "2020-05-15T17:02:20",
"dateReserved": "2020-05-15T00:00:00",
"dateUpdated": "2024-08-04T12:11:18.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21496 (GCVE-0-2022-21496)
Vulnerability from cvelistv5
Published
2022-04-19 20:38
Modified
2024-09-24 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:53:50.783083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:05:36.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u331"
},
{
"status": "affected",
"version": "Oracle Java SE:8u321"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.14"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.2"
},
{
"status": "affected",
"version": "Oracle Java SE:18"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:40.368882",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21496",
"datePublished": "2022-04-19T20:38:50",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:05:36.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19061 (GCVE-0-2019-19061)
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873 | x_refsource_MISC | |
| https://usn.ubuntu.com/4208-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4526-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:38.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873"
},
{
"name": "USN-4208-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4526-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T17:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873"
},
{
"name": "USN-4208-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4526-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"name": "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873"
},
{
"name": "USN-4208-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4526-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4526-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19061",
"datePublished": "2019-11-18T05:24:03",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:38.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10690 (GCVE-0-2020-10690)
Vulnerability from cvelistv5
Published
2020-05-08 13:48
Modified
2024-08-04 11:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4419-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:11.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4419-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4419-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "all kernel versions before 5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-22T06:06:33",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4419-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4419-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "all kernel versions before 5.5"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "openSUSE-SU-2020:0801",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4419-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4419-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10690",
"datePublished": "2020-05-08T13:48:30",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:06:11.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32207 (GCVE-0-2022-32207)
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2025-04-23 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-840 - Business Logic Errors ()
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1573634"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:31:36.720075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:04:31.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors (CWE-840)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1573634"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32207",
"datePublished": "2022-07-07T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:04:31.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5188 (GCVE-0-2019-5188)
Vulnerability from cvelistv5
Published
2020-01-08 15:45
Modified
2025-05-30 19:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/4249-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/ | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html | mailing-list, x_refsource_MLIST | |
| https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20220506-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-a724cc7926",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/"
},
{
"name": "USN-4249-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4249-1/"
},
{
"name": "FEDORA-2020-01ed02451f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/"
},
{
"name": "openSUSE-SU-2020:0166",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html"
},
{
"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-5188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T19:18:31.503746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T19:48:23.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "E2fsprogs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.43.3 - 1.45.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T13:06:14.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "FEDORA-2020-a724cc7926",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/"
},
{
"name": "USN-4249-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4249-1/"
},
{
"name": "FEDORA-2020-01ed02451f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/"
},
{
"name": "openSUSE-SU-2020:0166",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html"
},
{
"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2019-5188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2fsprogs",
"version": {
"version_data": [
{
"version_value": "1.43.3 - 1.45.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-a724cc7926",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/"
},
{
"name": "USN-4249-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4249-1/"
},
{
"name": "FEDORA-2020-01ed02451f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/"
},
{
"name": "openSUSE-SU-2020:0166",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html"
},
{
"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
"refsource": "CONFIRM",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220506-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220506-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2019-5188",
"datePublished": "2020-01-08T15:45:09.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2025-05-30T19:48:23.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32206 (GCVE-0-2022-32206)
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2025-05-05 16:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling ()
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1570651"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:52.597184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:16:54.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-15T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1570651"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32206",
"datePublished": "2022-07-07T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:16:54.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29483 (GCVE-0-2023-29483)
Vulnerability from cvelistv5
Published
2024-04-11 00:00
Modified
2024-08-27 18:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dnspython.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rthalley/dnspython/releases/tag/v2.6.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rthalley/dnspython/issues/1045"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eventlet/eventlet/issues/913"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eventlet/eventlet/releases/tag/v0.35.2"
},
{
"name": "FEDORA-2024-930af3332f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240510-0001/"
},
{
"name": "FEDORA-2024-bbd76d7c63",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/"
},
{
"name": "FEDORA-2024-3b4c7849ab",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eventlet:eventlet:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eventlet",
"vendor": "eventlet",
"versions": [
{
"lessThan": "0.35.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29483",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T17:34:51.471510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-292",
"description": "CWE-292 DEPRECATED: Trusting Self-reported DNS Name",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T18:43:46.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a \"TuDoor\" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T02:06:08.072999",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dnspython.org/"
},
{
"url": "https://github.com/rthalley/dnspython/releases/tag/v2.6.0"
},
{
"url": "https://github.com/rthalley/dnspython/issues/1045"
},
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713"
},
{
"url": "https://github.com/eventlet/eventlet/issues/913"
},
{
"url": "https://github.com/eventlet/eventlet/releases/tag/v0.35.2"
},
{
"name": "FEDORA-2024-930af3332f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240510-0001/"
},
{
"name": "FEDORA-2024-bbd76d7c63",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/"
},
{
"name": "FEDORA-2024-3b4c7849ab",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29483",
"datePublished": "2024-04-11T00:00:00",
"dateReserved": "2023-04-07T00:00:00",
"dateUpdated": "2024-08-27T18:43:46.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32208 (GCVE-0-2022-32208)
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2025-05-05 16:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-840 - Business Logic Errors ()
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:55.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1590071"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32208",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:50.533287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:16:44.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors (CWE-840)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1590071"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32208",
"datePublished": "2022-07-07T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:16:44.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22876 (GCVE-0-2021-22876)
Vulnerability from cvelistv5
Published
2021-04-01 17:45
Modified
2025-06-09 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-359 - Privacy Violation ()
Summary
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.1.1 to and including 7.75.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1101882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2021-22876.html"
},
{
"name": "FEDORA-2021-cab5c9befb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"name": "FEDORA-2021-065371f385",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"name": "FEDORA-2021-26a293c72b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"name": "[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
},
{
"name": "GLSA-202105-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-22876",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T14:54:20.546763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T14:54:59.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.1.1 to and including 7.75.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "Privacy Violation (CWE-359)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T14:06:57.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1101882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2021-22876.html"
},
{
"name": "FEDORA-2021-cab5c9befb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"name": "FEDORA-2021-065371f385",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"name": "FEDORA-2021-26a293c72b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"name": "[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
},
{
"name": "GLSA-202105-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.1.1 to and including 7.75.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privacy Violation (CWE-359)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1101882",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1101882"
},
{
"name": "https://curl.se/docs/CVE-2021-22876.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2021-22876.html"
},
{
"name": "FEDORA-2021-cab5c9befb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"
},
{
"name": "FEDORA-2021-065371f385",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"
},
{
"name": "FEDORA-2021-26a293c72b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"
},
{
"name": "[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
},
{
"name": "GLSA-202105-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210521-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22876",
"datePublished": "2021-04-01T17:45:18.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2025-06-09T14:54:59.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19054 (GCVE-0-2019-19054)
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4527-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4526-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4525-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177"
},
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2020:0336",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"name": "USN-4527-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4527-1/"
},
{
"name": "USN-4526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "USN-4525-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4525-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T22:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177"
},
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2020:0336",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"name": "USN-4527-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4527-1/"
},
{
"name": "USN-4526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "USN-4525-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4525-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177"
},
{
"name": "FEDORA-2019-021c968423",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2020:0336",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"name": "USN-4527-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4527-1/"
},
{
"name": "USN-4526-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"name": "USN-4525-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4525-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19054",
"datePublished": "2019-11-18T05:23:53",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34169 (GCVE-0-2022-34169)
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2025-02-13 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- integer truncation
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xalan-J |
Version: Xalan-J < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:17.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
},
{
"name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
},
{
"name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
},
{
"name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
},
{
"name": "DSA-5256",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5256"
},
{
"name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
},
{
"name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Xalan-J",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.7.2",
"status": "affected",
"version": "Xalan-J",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Felix Wilhelm, Google Project Zero"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer truncation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:47.103Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
},
{
"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
},
{
"name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
},
{
"name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
},
{
"name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
},
{
"name": "DSA-5256",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5256"
},
{
"name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
},
{
"name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
},
{
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-34169",
"datePublished": "2022-07-19T00:00:00.000Z",
"dateReserved": "2022-06-21T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:32:44.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19069 (GCVE-0-2019-19069)
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | x_refsource_MISC | |
| https://usn.ubuntu.com/4208-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:38.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
},
{
"name": "USN-4208-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-05T04:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
},
{
"name": "USN-4208-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"name": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9"
},
{
"name": "USN-4208-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19069",
"datePublished": "2019-11-18T05:24:14",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:38.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22901 (GCVE-0-2021-22901)
Vulnerability from cvelistv5
Published
2021-06-11 15:49
Modified
2024-08-03 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1180380 | x_refsource_MISC | |
| https://curl.se/docs/CVE-2021-22901.html | x_refsource_MISC | |
| https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210723-0001/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210727-0007/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.75.0 through 7.76.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1180380"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2021-22901.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.75.0 through 7.76.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T11:06:06",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1180380"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2021-22901.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.75.0 through 7.76.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free (CWE-416)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1180380",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1180380"
},
{
"name": "https://curl.se/docs/CVE-2021-22901.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2021-22901.html"
},
{
"name": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479",
"refsource": "MISC",
"url": "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210723-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22901",
"datePublished": "2021-06-11T15:49:38",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27775 (GCVE-0-2022-27775)
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 05:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Disclosure ()
Summary
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: curl 7.65.0 to 7.82.0 are vulnerable |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1546268"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0008/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "curl 7.65.0 to 7.82.0 are vulnerable"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1546268"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220609-0008/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27775",
"datePublished": "2022-06-01T00:00:00",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11884 (GCVE-0-2020-11884)
Vulnerability from cvelistv5
Published
2020-04-29 12:07
Modified
2024-08-04 11:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
},
{
"name": "DSA-4667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"name": "USN-4343-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4343-1/"
},
{
"name": "FEDORA-2020-64d46a6e29",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
},
{
"name": "FEDORA-2020-16f9239805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
},
{
"name": "FEDORA-2020-b453269c4e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
},
{
"name": "USN-4345-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"name": "USN-4342-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4342-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T22:00:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
},
{
"name": "DSA-4667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"name": "USN-4343-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4343-1/"
},
{
"name": "FEDORA-2020-64d46a6e29",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
},
{
"name": "FEDORA-2020-16f9239805",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
},
{
"name": "FEDORA-2020-b453269c4e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
},
{
"name": "USN-4345-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"name": "USN-4342-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4342-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
},
{
"name": "DSA-4667",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"name": "USN-4343-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4343-1/"
},
{
"name": "FEDORA-2020-64d46a6e29",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
},
{
"name": "FEDORA-2020-16f9239805",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
},
{
"name": "FEDORA-2020-b453269c4e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
},
{
"name": "USN-4345-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"name": "USN-4342-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4342-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11884",
"datePublished": "2020-04-29T12:07:37",
"dateReserved": "2020-04-17T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27781 (GCVE-0-2022-27781)
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 05:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Denial of Service ()
Summary
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.83.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:33:00.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1555441"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.83.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server\u0027s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1555441"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27781",
"datePublished": "2022-06-01T00:00:00",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-03T05:33:00.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13817 (GCVE-0-2020-13817)
Vulnerability from cvelistv5
Published
2020-06-04 12:31
Modified
2025-05-05 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202007-12 | vendor-advisory, x_refsource_GENTOO | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| http://support.ntp.org/bin/view/Main/NtpBug3596 | x_refsource_MISC | |
| https://bugs.ntp.org/show_bug.cgi?id=3596 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200625-0004/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-13817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:13:39.175323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:07:58.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T14:40:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3596",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"name": "https://bugs.ntp.org/show_bug.cgi?id=3596",
"refsource": "MISC",
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200625-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13817",
"datePublished": "2020-06-04T12:31:55.000Z",
"dateReserved": "2020-06-04T00:00:00.000Z",
"dateUpdated": "2025-05-05T17:07:58.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25221 (GCVE-0-2020-25221)
Vulnerability from cvelistv5
Published
2020-09-10 13:39
Modified
2024-08-04 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2020/09/08/4 | x_refsource_MISC | |
| https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2 | x_refsource_MISC | |
| https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/09/10/4 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20201001-0003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:04.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/08/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7"
},
{
"name": "[oss-security] 20200910 Re: CVE Request: Linux kernel vsyscall page refcounting error",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/10/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201001-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-01T13:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/08/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7"
},
{
"name": "[oss-security] 20200910 Re: CVE Request: Linux kernel vsyscall page refcounting error",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/10/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201001-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/09/08/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/09/08/4"
},
{
"name": "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2",
"refsource": "MISC",
"url": "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2"
},
{
"name": "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a",
"refsource": "MISC",
"url": "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7"
},
{
"name": "[oss-security] 20200910 Re: CVE Request: Linux kernel vsyscall page refcounting error",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/09/10/4"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201001-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201001-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25221",
"datePublished": "2020-09-10T13:39:59",
"dateReserved": "2020-09-10T00:00:00",
"dateUpdated": "2024-08-04T15:33:04.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20322 (GCVE-0-2021-20322)
Vulnerability from cvelistv5
Published
2022-02-18 17:50
Modified
2024-08-03 17:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.15-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:24:33",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.15-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220303-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220303-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20322",
"datePublished": "2022-02-18T17:50:45",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26932 (GCVE-0-2021-26932)
Vulnerability from cvelistv5
Published
2021-02-17 00:00
Modified
2024-08-03 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-361.html"
},
{
"name": "FEDORA-2021-8d45d297c6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/"
},
{
"name": "FEDORA-2021-7143aca8cb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0001/"
},
{
"name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebee0eab08594b2bd5db716288a4f1ae5936e9bc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T00:39:41.921830",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://xenbits.xen.org/xsa/advisory-361.html"
},
{
"name": "FEDORA-2021-8d45d297c6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/"
},
{
"name": "FEDORA-2021-7143aca8cb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210326-0001/"
},
{
"name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebee0eab08594b2bd5db716288a4f1ae5936e9bc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26932",
"datePublished": "2021-02-17T00:00:00",
"dateReserved": "2021-02-09T00:00:00",
"dateUpdated": "2024-08-03T20:33:41.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28893 (GCVE-0-2022-28893)
Vulnerability from cvelistv5
Published
2022-04-11 04:15
Modified
2024-08-03 06:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/04/11/4 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2022/04/11/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2022/04/11/5 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220526-0002/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5161 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:56.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"name": "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T10:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"name": "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"name": "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"name": "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220526-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"name": "DSA-5161",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5161"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28893",
"datePublished": "2022-04-11T04:15:06",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-08-03T06:10:56.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8285 (GCVE-0-2020-8285)
Vulnerability from cvelistv5
Published
2020-12-14 19:39
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-674 - Uncontrolled Recursion ()
Summary
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: libcurl 7.21.0 to and including 7.73.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1045844"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/curl/curl/issues/6255"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2020-8285.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libcurl 7.21.0 to and including 7.73.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "Uncontrolled Recursion (CWE-674)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:28",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1045844"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/curl/curl/issues/6255"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2020-8285.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "libcurl 7.21.0 to and including 7.73.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Recursion (CWE-674)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1045844",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1045844"
},
{
"name": "https://github.com/curl/curl/issues/6255",
"refsource": "MISC",
"url": "https://github.com/curl/curl/issues/6255"
},
{
"name": "https://curl.se/docs/CVE-2020-8285.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2020-8285.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"name": "https://support.apple.com/kb/HT212325",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212325"
},
{
"name": "https://support.apple.com/kb/HT212326",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212326"
},
{
"name": "https://support.apple.com/kb/HT212327",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212327"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8285",
"datePublished": "2020-12-14T19:39:04",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21549 (GCVE-0-2022-21549)
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2024-08-03 02:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:17.0.3.1 Version: Oracle GraalVM Enterprise Edition:21.3.2 Version: Oracle GraalVM Enterprise Edition:22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"name": "FEDORA-2022-34584d4257",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-64431bccec",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:17.0.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-17T15:06:19.501295",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"name": "FEDORA-2022-34584d4257",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-64431bccec",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21549",
"datePublished": "2022-07-19T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:46:38.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2047 (GCVE-0-2022-2047)
Vulnerability from cvelistv5
Published
2022-07-07 20:45
Modified
2024-08-03 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5198 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220901-0006/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.0 < unspecified Version: unspecified < Version: 10.0.0 < unspecified Version: unspecified < Version: 11.0.0 < unspecified Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q"
},
{
"name": "DSA-5198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Jetty",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "9.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.4.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-01T13:06:30",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q"
},
{
"name": "DSA-5198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2022-2047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "9.4.0"
},
{
"version_affected": "\u003c=",
"version_value": "9.4.46"
},
{
"version_affected": "\u003e=",
"version_value": "10.0.0"
},
{
"version_affected": "\u003c=",
"version_value": "10.0.9"
},
{
"version_affected": "\u003e=",
"version_value": "11.0.0"
},
{
"version_affected": "\u003c=",
"version_value": "11.0.9"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q"
},
{
"name": "DSA-5198",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220901-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2022-2047",
"datePublished": "2022-07-07T20:45:12",
"dateReserved": "2022-06-09T00:00:00",
"dateUpdated": "2024-08-03T00:24:44.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27774 (GCVE-0-2022-27774)
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 05:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials ()
Summary
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: curl 4.9 to and include curl 7.82.0 are affected |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1543773"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0008/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "curl 4.9 to and include curl 7.82.0 are affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials (CWE-522)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-28T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1543773"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220609-0008/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27774",
"datePublished": "2022-06-01T00:00:00",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8698 (GCVE-0-2020-8698)
Vulnerability from cvelistv5
Published
2020-11-12 18:01
Modified
2024-08-04 10:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
Summary
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201113-0006/ | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processors |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201113-0006/"
},
{
"name": "FEDORA-2020-14fda1bf85",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/"
},
{
"name": "[debian-lts-announce] 20210205 [SECURITY] [DLA 2546-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-11T12:06:29",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201113-0006/"
},
{
"name": "FEDORA-2020-14fda1bf85",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/"
},
{
"name": "[debian-lts-announce] 20210205 [SECURITY] [DLA 2546-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2020-8698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Processors",
"version": {
"version_data": [
{
"version_value": "See references"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201113-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201113-0006/"
},
{
"name": "FEDORA-2020-14fda1bf85",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/"
},
{
"name": "[debian-lts-announce] 20210205 [SECURITY] [DLA 2546-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2020-8698",
"datePublished": "2020-11-12T18:01:55",
"dateReserved": "2020-02-06T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35493 (GCVE-0-2020-35493)
Vulnerability from cvelistv5
Published
2021-01-04 14:22
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - ->CWE-122->CWE-125
Summary
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911437 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911437"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -\u003e out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20-\u003eCWE-122-\u003eCWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911437"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -\u003e out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20-\u003eCWE-122-\u003eCWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911437",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911437"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35493",
"datePublished": "2021-01-04T14:22:55",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35496 (GCVE-0-2020-35496)
Vulnerability from cvelistv5
Published
2021-01-04 14:24
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911444 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There\u0027s a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35496",
"datePublished": "2021-01-04T14:24:21",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0391 (GCVE-0-2022-0391)
Vulnerability from cvelistv5
Published
2022-02-09 00:00
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue43882"
},
{
"name": "FEDORA-2022-ef99a016f6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/"
},
{
"name": "FEDORA-2022-18ad73aba6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0009/"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "python 3.10.0b1, python 3.9.5, python 3.8.11, python 3.7.11, python 3.6.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like \u0027\\r\u0027 and \u0027\\n\u0027 in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T21:06:09.930040",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.python.org/issue43882"
},
{
"name": "FEDORA-2022-ef99a016f6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/"
},
{
"name": "FEDORA-2022-18ad73aba6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220225-0009/"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0391",
"datePublished": "2022-02-09T00:00:00",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22576 (GCVE-0-2022-22576)
Vulnerability from cvelistv5
Published
2022-05-26 00:00
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication - Generic ()
Summary
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in curl 7.83.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1526328"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0008/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in curl 7.83.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication - Generic (CWE-287)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1526328"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220609-0008/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-22576",
"datePublished": "2022-05-26T00:00:00",
"dateReserved": "2022-01-04T00:00:00",
"dateUpdated": "2024-08-03T03:14:55.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35495 (GCVE-0-2020-35495)
Vulnerability from cvelistv5
Published
2021-01-04 14:23
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911441 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:55",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There\u0027s a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35495",
"datePublished": "2021-01-04T14:23:52",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21449 (GCVE-0-2022-21449)
Vulnerability from cvelistv5
Published
2022-04-19 20:37
Modified
2024-09-24 20:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[oss-security] 20220428 CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "[oss-security] 20220429 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
},
{
"name": "[oss-security] 20220501 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
},
{
"name": "[oss-security] 20220502 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:53:54.479041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:10:30.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:17.0.2"
},
{
"status": "affected",
"version": "Oracle Java SE:18"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T22:06:07",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[oss-security] 20220428 CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "[oss-security] 20220429 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
},
{
"name": "[oss-security] 20220501 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
},
{
"name": "[oss-security] 20220502 Re: CVE-2022-21449 and version reporting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java SE JDK and JRE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Oracle Java SE:17.0.2"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:18"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[oss-security] 20220428 CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
},
{
"name": "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220429-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "[oss-security] 20220429 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
},
{
"name": "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
},
{
"name": "[oss-security] 20220501 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
},
{
"name": "[oss-security] 20220502 Re: CVE-2022-21449 and version reporting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
},
{
"name": "DSA-5128",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5131"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21449",
"datePublished": "2022-04-19T20:37:39",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:10:30.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21443 (GCVE-0-2022-21443)
Vulnerability from cvelistv5
Published
2022-04-19 20:37
Modified
2024-08-03 02:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:31:25.581438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T15:31:36.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:56.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u331"
},
{
"status": "affected",
"version": "Oracle Java SE:8u321"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.14"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.2"
},
{
"status": "affected",
"version": "Oracle Java SE:18"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:38.587068",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"name": "DSA-5128",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"name": "DSA-5131",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21443",
"datePublished": "2022-04-19T20:37:30",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:38:56.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37434 (GCVE-0-2022-37434)
Vulnerability from cvelistv5
Published
2022-08-05 00:00
Modified
2025-05-30 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ivd38/zlib_overflow"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764"
},
{
"name": "[oss-security] 20220805 zlib buffer overflow",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/05/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/curl/curl/issues/9271"
},
{
"name": "[oss-security] 20220808 Re: zlib buffer overflow",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/09/1"
},
{
"name": "FEDORA-2022-25e4dbedf9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/"
},
{
"name": "DSA-5218",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5218"
},
{
"name": "FEDORA-2022-15da0cf165",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0005/"
},
{
"name": "FEDORA-2022-b8232d1cca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/"
},
{
"name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html"
},
{
"name": "FEDORA-2022-3c28ae0cd8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/"
},
{
"name": "FEDORA-2022-0b517a5397",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213489"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213494"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213493"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213491"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213490"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/38"
},
{
"name": "20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/37"
},
{
"name": "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/42"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37434",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-30T19:09:35.264575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T19:47:26.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/curl/curl/issues/9271"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "unknown",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T17:08:24.912Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ivd38/zlib_overflow"
},
{
"url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1"
},
{
"url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063"
},
{
"url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764"
},
{
"name": "[oss-security] 20220805 zlib buffer overflow",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/05/2"
},
{
"url": "https://github.com/curl/curl/issues/9271"
},
{
"name": "[oss-security] 20220808 Re: zlib buffer overflow",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/09/1"
},
{
"name": "FEDORA-2022-25e4dbedf9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/"
},
{
"name": "DSA-5218",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5218"
},
{
"name": "FEDORA-2022-15da0cf165",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220901-0005/"
},
{
"name": "FEDORA-2022-b8232d1cca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/"
},
{
"name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html"
},
{
"name": "FEDORA-2022-3c28ae0cd8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/"
},
{
"name": "FEDORA-2022-0b517a5397",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/"
},
{
"url": "https://support.apple.com/kb/HT213489"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"url": "https://support.apple.com/kb/HT213494"
},
{
"url": "https://support.apple.com/kb/HT213493"
},
{
"url": "https://support.apple.com/kb/HT213491"
},
{
"url": "https://support.apple.com/kb/HT213490"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/38"
},
{
"name": "20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/37"
},
{
"name": "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/42"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
},
{
"url": "https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37434",
"datePublished": "2022-08-05T00:00:00.000Z",
"dateReserved": "2022-08-05T00:00:00.000Z",
"dateUpdated": "2025-05-30T19:47:26.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13143 (GCVE-0-2020-13143)
Vulnerability from cvelistv5
Published
2020-05-18 17:50
Modified
2024-08-04 12:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "openSUSE-SU-2020:0935",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"name": "USN-4413-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4413-1/"
},
{
"name": "USN-4411-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"name": "USN-4412-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4412-1/"
},
{
"name": "USN-4419-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4419-1/"
},
{
"name": "USN-4414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4414-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T22:50:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "openSUSE-SU-2020:0935",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"name": "USN-4413-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4413-1/"
},
{
"name": "USN-4411-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"name": "USN-4412-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4412-1/"
},
{
"name": "USN-4419-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4419-1/"
},
{
"name": "USN-4414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4414-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f"
},
{
"name": "https://www.spinics.net/lists/linux-usb/msg194331.html",
"refsource": "MISC",
"url": "https://www.spinics.net/lists/linux-usb/msg194331.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "openSUSE-SU-2020:0935",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"name": "USN-4413-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4413-1/"
},
{
"name": "USN-4411-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"name": "USN-4412-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4412-1/"
},
{
"name": "USN-4419-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4419-1/"
},
{
"name": "USN-4414-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4414-1/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13143",
"datePublished": "2020-05-18T17:50:53",
"dateReserved": "2020-05-18T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30691 (GCVE-0-2025-30691)
Vulnerability from cvelistv5
Published
2025-04-15 20:31
Modified
2025-04-19 00:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data.
Summary
Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2025.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Java SE |
Version: 21.0.6 Version: 24 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T14:24:18.373918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:42:34.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-19T00:11:10.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250418-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Oracle Java SE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "21.0.6"
},
{
"status": "affected",
"version": "24"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:java_se:21.0.6:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:24:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T20:31:03.084Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-30691",
"datePublished": "2025-04-15T20:31:03.084Z",
"dateReserved": "2025-03-25T20:11:18.262Z",
"dateUpdated": "2025-04-19T00:11:10.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15778 (GCVE-0-2020-15778)
Vulnerability from cvelistv5
Published
2020-07-24 00:00
Modified
2024-08-04 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openssh",
"vendor": "openbsd",
"versions": [
{
"lessThanOrEqual": "8.3p1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-15778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T14:59:02.714297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:18.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cpandya2909/CVE-2020-15778/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=25005567"
},
{
"name": "GLSA-202212-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-06"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T16:53:15.270364",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/security.html"
},
{
"url": "https://github.com/cpandya2909/CVE-2020-15778/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20200731-0007/"
},
{
"url": "https://news.ycombinator.com/item?id=25005567"
},
{
"name": "GLSA-202212-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-06"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3166"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15778",
"datePublished": "2020-07-24T00:00:00",
"dateReserved": "2020-07-15T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20836 (GCVE-0-2018-20836)
Vulnerability from cvelistv5
Published
2019-05-07 13:04
Modified
2024-08-05 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:27.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"
},
{
"name": "108196",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K11225249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
},
{
"name": "openSUSE-SU-2019:1716",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
},
{
"name": "openSUSE-SU-2019:1757",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
},
{
"name": "USN-4076-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4076-1/"
},
{
"name": "DSA-4495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4495"
},
{
"name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/13"
},
{
"name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/18"
},
{
"name": "DSA-4497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4497"
},
{
"name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
},
{
"name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-14T13:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"
},
{
"name": "108196",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K11225249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
},
{
"name": "openSUSE-SU-2019:1716",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
},
{
"name": "openSUSE-SU-2019:1757",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
},
{
"name": "USN-4076-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4076-1/"
},
{
"name": "DSA-4495",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4495"
},
{
"name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/13"
},
{
"name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/18"
},
{
"name": "DSA-4497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4497"
},
{
"name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
},
{
"name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae"
},
{
"name": "108196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108196"
},
{
"name": "https://support.f5.com/csp/article/K11225249",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K11225249"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190719-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
},
{
"name": "openSUSE-SU-2019:1716",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
},
{
"name": "openSUSE-SU-2019:1757",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
},
{
"name": "USN-4076-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4076-1/"
},
{
"name": "DSA-4495",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4495"
},
{
"name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/13"
},
{
"name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/18"
},
{
"name": "DSA-4497",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4497"
},
{
"name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
},
{
"name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20836",
"datePublished": "2019-05-07T13:04:44",
"dateReserved": "2019-05-07T00:00:00",
"dateUpdated": "2024-08-05T12:12:27.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29370 (GCVE-0-2020-29370)
Vulnerability from cvelistv5
Published
2020-11-28 06:20
Modified
2024-08-04 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=2022 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201218-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201218-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-18T10:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201218-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201218-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201218-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29370",
"datePublished": "2020-11-28T06:20:02",
"dateReserved": "2020-11-28T00:00:00",
"dateUpdated": "2024-08-04T16:48:01.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21147 (GCVE-0-2024-21147)
Vulnerability from cvelistv5
Published
2024-07-16 22:39
Modified
2025-02-13 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u411 Version: Oracle Java SE:8u411-perf Version: Oracle Java SE:11.0.23 Version: Oracle Java SE:17.0.11 Version: Oracle Java SE:21.0.3 Version: Oracle Java SE:22.0.1 Version: Oracle GraalVM for JDK:17.0.11 Version: Oracle GraalVM for JDK:21.0.3 Version: Oracle GraalVM for JDK:22.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.14 Version: Oracle GraalVM Enterprise Edition:21.3.10 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "java_se",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "8u411"
},
{
"status": "affected",
"version": "8u411-perf"
},
{
"status": "affected",
"version": "11.0.23"
},
{
"status": "affected",
"version": "17.0.11"
},
{
"status": "affected",
"version": "21.0.3"
},
{
"status": "affected",
"version": "22.0.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graalvm_for_jdk",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "17.0.11"
},
{
"status": "affected",
"version": "21.0.3"
},
{
"status": "affected",
"version": "22.0.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:graalvm_enterprise_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graalvm_enterprise_edition",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "20.3.14"
},
{
"status": "affected",
"version": "21.3.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T03:55:25.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:13:42.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240719-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u411"
},
{
"status": "affected",
"version": "Oracle Java SE:8u411-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.23"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.11"
},
{
"status": "affected",
"version": "Oracle Java SE:21.0.3"
},
{
"status": "affected",
"version": "Oracle Java SE:22.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.11"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.3"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:22.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.14"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.10"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:06:13.008Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240719-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21147",
"datePublished": "2024-07-16T22:39:59.298Z",
"dateReserved": "2023-12-07T22:28:10.683Z",
"dateUpdated": "2025-02-13T17:33:14.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29569 (GCVE-0-2020-29569)
Vulnerability from cvelistv5
Published
2020-12-15 17:00
Modified
2024-08-04 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
References
| ▼ | URL | Tags |
|---|---|---|
| https://xenbits.xenproject.org/xsa/advisory-350.html | x_refsource_MISC | |
| https://www.debian.org/security/2021/dsa-4843 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.netapp.com/advisory/ntap-20210205-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-30 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-350.html"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0001/"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"name": "GLSA-202107-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-\u003exenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T04:06:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-350.html"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0001/"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"name": "GLSA-202107-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-\u003exenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xenproject.org/xsa/advisory-350.html",
"refsource": "MISC",
"url": "https://xenbits.xenproject.org/xsa/advisory-350.html"
},
{
"name": "DSA-4843",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210205-0001/"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"name": "GLSA-202107-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29569",
"datePublished": "2020-12-15T17:00:36",
"dateReserved": "2020-12-04T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-2163 (GCVE-0-2021-2163)
Vulnerability from cvelistv5
Published
2021-04-22 21:53
Modified
2024-09-26 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE:7u291 Version: Java SE:8u281 Version: Java SE:11.0.10 Version: Java SE:16 Version: Java SE Embedded:8u281 Version: Oracle GraalVM Enterprise Edition:19.3.5 Version: Oracle GraalVM Enterprise Edition:20.3.1.2 Version: Oracle GraalVM Enterprise Edition:21.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:32:03.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html"
},
{
"name": "DSA-4899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4899"
},
{
"name": "FEDORA-2021-6eb9bbbf0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/"
},
{
"name": "FEDORA-2021-65aa196c14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/"
},
{
"name": "FEDORA-2021-25b47f16af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/"
},
{
"name": "FEDORA-2021-8b80ef64f1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/"
},
{
"name": "FEDORA-2021-f71b592e07",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/"
},
{
"name": "FEDORA-2021-b88e86b753",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
},
{
"name": "GLSA-202209-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:44:06.976321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:33:21.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Java SE:7u291"
},
{
"status": "affected",
"version": "Java SE:8u281"
},
{
"status": "affected",
"version": "Java SE:11.0.10"
},
{
"status": "affected",
"version": "Java SE:16"
},
{
"status": "affected",
"version": "Java SE Embedded:8u281"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:19.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.1.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T04:07:16",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html"
},
{
"name": "DSA-4899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4899"
},
{
"name": "FEDORA-2021-6eb9bbbf0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/"
},
{
"name": "FEDORA-2021-65aa196c14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/"
},
{
"name": "FEDORA-2021-25b47f16af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/"
},
{
"name": "FEDORA-2021-8b80ef64f1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/"
},
{
"name": "FEDORA-2021-f71b592e07",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/"
},
{
"name": "FEDORA-2021-b88e86b753",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
},
{
"name": "GLSA-202209-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java SE JDK and JRE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE:7u291"
},
{
"version_affected": "=",
"version_value": "Java SE:8u281"
},
{
"version_affected": "=",
"version_value": "Java SE:11.0.10"
},
{
"version_affected": "=",
"version_value": "Java SE:16"
},
{
"version_affected": "=",
"version_value": "Java SE Embedded:8u281"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:19.3.5"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:20.3.1.2"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:21.0.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html"
},
{
"name": "DSA-4899",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4899"
},
{
"name": "FEDORA-2021-6eb9bbbf0c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/"
},
{
"name": "FEDORA-2021-65aa196c14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/"
},
{
"name": "FEDORA-2021-25b47f16af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/"
},
{
"name": "FEDORA-2021-8b80ef64f1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/"
},
{
"name": "FEDORA-2021-f71b592e07",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/"
},
{
"name": "FEDORA-2021-b88e86b753",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210513-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
},
{
"name": "GLSA-202209-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2163",
"datePublished": "2021-04-22T21:53:46",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T15:33:21.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6119 (GCVE-0-2024-6119)
Vulnerability from cvelistv5
Published
2024-09-03 15:58
Modified
2024-09-12 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Summary
Issue summary: Applications performing certificate name checks (e.g., TLS
clients checking server certificates) may attempt to read an invalid memory
address resulting in abnormal termination of the application process.
Impact summary: Abnormal termination of an application can a cause a denial of
service.
Applications performing certificate name checks (e.g., TLS clients checking
server certificates) may attempt to read an invalid memory address when
comparing the expected name with an `otherName` subject alternative name of an
X.509 certificate. This may result in an exception that terminates the
application program.
Note that basic certificate chain validation (signatures, dates, ...) is not
affected, the denial of service can occur only when the application also
specifies an expected DNS name, Email address or IP address.
TLS servers rarely solicit client certificates, and even when they do, they
generally don't perform a name check against a reference identifier (expected
identity), but rather extract the presented identity after checking the
certificate chain. So TLS servers are generally not affected and the severity
of the issue is Moderate.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:03:01.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/03/4"
},
{
"url": "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0001/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openssl",
"vendor": "openssl",
"versions": [
{
"lessThan": "3.3.2",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThan": "3.2.3",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.1.7",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.0.15",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T20:20:39.935362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T20:25:47.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.3.2",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.2.3",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThan": "3.1.7",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.0.15",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "David Benjamin (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Viktor Dukhovni"
}
],
"datePublic": "2024-09-03T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Applications performing certificate name checks (e.g., TLS\u003cbr\u003eclients checking server certificates) may attempt to read an invalid memory\u003cbr\u003eaddress resulting in abnormal termination of the application process.\u003cbr\u003e\u003cbr\u003eImpact summary: Abnormal termination of an application can a cause a denial of\u003cbr\u003eservice.\u003cbr\u003e\u003cbr\u003eApplications performing certificate name checks (e.g., TLS clients checking\u003cbr\u003eserver certificates) may attempt to read an invalid memory address when\u003cbr\u003ecomparing the expected name with an `otherName` subject alternative name of an\u003cbr\u003eX.509 certificate. This may result in an exception that terminates the\u003cbr\u003eapplication program.\u003cbr\u003e\u003cbr\u003eNote that basic certificate chain validation (signatures, dates, ...) is not\u003cbr\u003eaffected, the denial of service can occur only when the application also\u003cbr\u003especifies an expected DNS name, Email address or IP address.\u003cbr\u003e\u003cbr\u003eTLS servers rarely solicit client certificates, and even when they do, they\u003cbr\u003egenerally don\u0027t perform a name check against a reference identifier (expected\u003cbr\u003eidentity), but rather extract the presented identity after checking the\u003cbr\u003ecertificate chain. So TLS servers are generally not affected and the severity\u003cbr\u003eof the issue is Moderate.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
}
],
"value": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don\u0027t perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:58:06.970Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20240903.txt"
},
{
"name": "3.3.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0"
},
{
"name": "3.2.3 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f"
},
{
"name": "3.1.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2"
},
{
"name": "3.0.15 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible denial of service in X.509 name checks",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2024-6119",
"datePublished": "2024-09-03T15:58:06.970Z",
"dateReserved": "2024-06-18T09:24:11.739Z",
"dateUpdated": "2024-09-12T16:03:01.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19052 (GCVE-0-2019-19052)
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:38.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "USN-4228-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4228-1/"
},
{
"name": "USN-4227-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4227-1/"
},
{
"name": "USN-4226-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4226-1/"
},
{
"name": "USN-4225-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4225-1/"
},
{
"name": "USN-4228-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4228-2/"
},
{
"name": "USN-4227-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4227-2/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "USN-4225-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4225-2/"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "USN-4228-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4228-1/"
},
{
"name": "USN-4227-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4227-1/"
},
{
"name": "USN-4226-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4226-1/"
},
{
"name": "USN-4225-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4225-1/"
},
{
"name": "USN-4228-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4228-2/"
},
{
"name": "USN-4227-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4227-2/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "USN-4225-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4225-2/"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2019:2675",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "USN-4228-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4228-1/"
},
{
"name": "USN-4227-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4227-1/"
},
{
"name": "USN-4226-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4226-1/"
},
{
"name": "USN-4225-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4225-1/"
},
{
"name": "USN-4228-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4228-2/"
},
{
"name": "USN-4227-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4227-2/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "USN-4225-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4225-2/"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
},
{
"name": "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19052",
"datePublished": "2019-11-18T05:23:50",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:38.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38201 (GCVE-0-2021-38201)
Vulnerability from cvelistv5
Published
2021-08-08 19:26
Modified
2024-08-04 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T08:06:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"name": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38201",
"datePublished": "2021-08-08T19:26:54",
"dateReserved": "2021-08-08T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21541 (GCVE-0-2022-21541)
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2024-09-23 19:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u343 Version: Oracle Java SE:8u333 Version: Oracle Java SE:11.0.15.1 Version: Oracle Java SE:17.0.3.1 Version: Oracle Java SE:18.0.1.1 Version: Oracle GraalVM Enterprise Edition:20.3.6 Version: Oracle GraalVM Enterprise Edition:21.3.2 Version: Oracle GraalVM Enterprise Edition:22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T20:42:01.658119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T19:22:48.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u343"
},
{
"status": "affected",
"version": "Oracle Java SE:8u333"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.15.1"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.3.1"
},
{
"status": "affected",
"version": "Oracle Java SE:18.0.1.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.6"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-17T15:06:44.119587",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21541",
"datePublished": "2022-07-19T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-23T19:22:48.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30115 (GCVE-0-2022-30115)
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 06:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-325 - Missing Required Cryptographic Step ()
Summary
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.83.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:40:47.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1557449"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "[oss-security] 20221026 [SECURITY ADVISORY] CVE-2022-42916: HSTS bypass via IDN (curl)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/26/4"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/21/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.83.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "Missing Required Cryptographic Step (CWE-325)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-21T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1557449"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "[oss-security] 20221026 [SECURITY ADVISORY] CVE-2022-42916: HSTS bypass via IDN (curl)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/26/4"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/21/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-30115",
"datePublished": "2022-06-01T00:00:00",
"dateReserved": "2022-05-02T00:00:00",
"dateUpdated": "2024-08-03T06:40:47.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23308 (GCVE-0-2022-23308)
Vulnerability from cvelistv5
Published
2022-02-26 00:00
Modified
2025-05-05 16:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2022-050c712ed7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/"
},
{
"name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-6 tvOS 15.5",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/37"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "20220516 APPLE-SA-2022-05-16-5 watchOS 8.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/36"
},
{
"name": "20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/34"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220331-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213253"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213258"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213254"
},
{
"name": "GLSA-202210-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:14.908557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:26:56.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2022-050c712ed7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/"
},
{
"name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-6 tvOS 15.5",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/37"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "20220516 APPLE-SA-2022-05-16-5 watchOS 8.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/36"
},
{
"name": "20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/34"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://support.apple.com/kb/HT213257"
},
{
"url": "https://support.apple.com/kb/HT213256"
},
{
"url": "https://support.apple.com/kb/HT213255"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS"
},
{
"url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220331-0008/"
},
{
"url": "https://support.apple.com/kb/HT213253"
},
{
"url": "https://support.apple.com/kb/HT213258"
},
{
"url": "https://support.apple.com/kb/HT213254"
},
{
"name": "GLSA-202210-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-03"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23308",
"datePublished": "2022-02-26T00:00:00.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:26:56.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0201 (GCVE-0-2019-0201)
Vulnerability from cvelistv5
Published
2019-05-23 13:42
Modified
2024-08-04 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache ZooKeeper |
Version: 1.0.0 to 3.4.13 Version: 3.5.0-alpha to 3.5.4-beta |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "108427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108427"
},
{
"name": "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html"
},
{
"name": "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E"
},
{
"name": "DSA-4461",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4461"
},
{
"name": "20190612 [SECURITY] [DSA 4461-1] zookeeper security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/13"
},
{
"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
},
{
"name": "RHSA-2019:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://zookeeper.apache.org/security.html#CVE-2019-0201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190619-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache ZooKeeper",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 to 3.4.13"
},
{
"status": "affected",
"version": "3.5.0-alpha to 3.5.4-beta"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper\u2019s getACL() command doesn\u2019t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T12:06:09",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "108427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108427"
},
{
"name": "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html"
},
{
"name": "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E"
},
{
"name": "DSA-4461",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4461"
},
{
"name": "20190612 [SECURITY] [DSA 4461-1] zookeeper security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/13"
},
{
"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
},
{
"name": "RHSA-2019:3140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://zookeeper.apache.org/security.html#CVE-2019-0201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190619-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ZooKeeper",
"version": {
"version_data": [
{
"version_value": "1.0.0 to 3.4.13"
},
{
"version_value": "3.5.0-alpha to 3.5.4-beta"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper\u2019s getACL() command doesn\u2019t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108427"
},
{
"name": "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html"
},
{
"name": "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a@%3Ccommits.accumulo.apache.org%3E"
},
{
"name": "DSA-4461",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4461"
},
{
"name": "20190612 [SECURITY] [DSA 4461-1] zookeeper security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/13"
},
{
"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
},
{
"name": "RHSA-2019:3140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3140"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:4352",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392"
},
{
"name": "https://zookeeper.apache.org/security.html#CVE-2019-0201",
"refsource": "CONFIRM",
"url": "https://zookeeper.apache.org/security.html#CVE-2019-0201"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190619-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190619-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b@%3Ccommon-issues.hadoop.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-0201",
"datePublished": "2019-05-23T13:42:47",
"dateReserved": "2018-11-14T00:00:00",
"dateUpdated": "2024-08-04T17:44:14.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36516 (GCVE-0-2020-36516)
Vulnerability from cvelistv5
Published
2022-02-26 03:14
Modified
2024-08-04 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://dl.acm.org/doi/10.1145/3372297.3417884 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220331-0003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.acm.org/doi/10.1145/3372297.3417884"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220331-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim\u0027s TCP session or terminate that session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T08:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.acm.org/doi/10.1145/3372297.3417884"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220331-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim\u0027s TCP session or terminate that session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dl.acm.org/doi/10.1145/3372297.3417884",
"refsource": "MISC",
"url": "https://dl.acm.org/doi/10.1145/3372297.3417884"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220331-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220331-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36516",
"datePublished": "2022-02-26T03:14:46",
"dateReserved": "2022-02-26T00:00:00",
"dateUpdated": "2024-08-04T17:30:08.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-2161 (GCVE-0-2021-2161)
Vulnerability from cvelistv5
Published
2021-04-22 21:53
Modified
2024-09-26 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE:7u291 Version: Java SE:8u281 Version: Java SE:11.0.10 Version: Java SE:16 Version: Java SE Embedded:8u281 Version: Oracle GraalVM Enterprise Edition:19.3.5 Version: Oracle GraalVM Enterprise Edition:20.3.1.2 Version: Oracle GraalVM Enterprise Edition:21.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:32:03.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html"
},
{
"name": "DSA-4899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4899"
},
{
"name": "FEDORA-2021-6eb9bbbf0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/"
},
{
"name": "FEDORA-2021-65aa196c14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/"
},
{
"name": "FEDORA-2021-25b47f16af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/"
},
{
"name": "FEDORA-2021-8b80ef64f1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/"
},
{
"name": "FEDORA-2021-f71b592e07",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/"
},
{
"name": "FEDORA-2021-b88e86b753",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
},
{
"name": "GLSA-202209-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:44:10.262858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:33:42.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Java SE:7u291"
},
{
"status": "affected",
"version": "Java SE:8u281"
},
{
"status": "affected",
"version": "Java SE:11.0.10"
},
{
"status": "affected",
"version": "Java SE:16"
},
{
"status": "affected",
"version": "Java SE Embedded:8u281"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:19.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.1.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.0.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T04:06:40",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html"
},
{
"name": "DSA-4899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4899"
},
{
"name": "FEDORA-2021-6eb9bbbf0c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/"
},
{
"name": "FEDORA-2021-65aa196c14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/"
},
{
"name": "FEDORA-2021-25b47f16af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/"
},
{
"name": "FEDORA-2021-8b80ef64f1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/"
},
{
"name": "FEDORA-2021-f71b592e07",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/"
},
{
"name": "FEDORA-2021-b88e86b753",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
},
{
"name": "GLSA-202209-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java SE JDK and JRE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE:7u291"
},
{
"version_affected": "=",
"version_value": "Java SE:8u281"
},
{
"version_affected": "=",
"version_value": "Java SE:11.0.10"
},
{
"version_affected": "=",
"version_value": "Java SE:16"
},
{
"version_affected": "=",
"version_value": "Java SE Embedded:8u281"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:19.3.5"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:20.3.1.2"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:21.0.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html"
},
{
"name": "DSA-4899",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4899"
},
{
"name": "FEDORA-2021-6eb9bbbf0c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/"
},
{
"name": "FEDORA-2021-65aa196c14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/"
},
{
"name": "FEDORA-2021-25b47f16af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/"
},
{
"name": "FEDORA-2021-8b80ef64f1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/"
},
{
"name": "FEDORA-2021-f71b592e07",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/"
},
{
"name": "FEDORA-2021-b88e86b753",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210513-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
},
{
"name": "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures",
"refsource": "MISC",
"url": "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
},
{
"name": "GLSA-202209-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2161",
"datePublished": "2021-04-22T21:53:46",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T15:33:42.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28041 (GCVE-0-2021-28041)
Vulnerability from cvelistv5
Published
2021-03-05 19:07
Modified
2024-08-03 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openssh.com/security.html | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/03/03/1 | x_refsource_MISC | |
| https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db | x_refsource_MISC | |
| https://www.openssh.com/txt/release-8.5 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202105-35 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/ | vendor-advisory, x_refsource_FEDORA | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210416-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:56:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssh.com/security.html",
"refsource": "MISC",
"url": "https://www.openssh.com/security.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/03/03/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/03/03/1"
},
{
"name": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"
},
{
"name": "https://www.openssh.com/txt/release-8.5",
"refsource": "MISC",
"url": "https://www.openssh.com/txt/release-8.5"
},
{
"name": "FEDORA-2021-f68a5a75ba",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"
},
{
"name": "GLSA-202105-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-35"
},
{
"name": "FEDORA-2021-1d3698089d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210416-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210416-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28041",
"datePublished": "2021-03-05T19:07:34",
"dateReserved": "2021-03-05T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45061 (GCVE-0-2022-45061)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-05-01 14:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/98433"
},
{
"name": "FEDORA-2022-45d2cfdfa4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"
},
{
"name": "FEDORA-2022-3e859b6bc6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"
},
{
"name": "FEDORA-2022-e1ce71ff40",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"
},
{
"name": "FEDORA-2022-fdb2739feb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221209-0007/"
},
{
"name": "FEDORA-2022-6f4e6120d7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"
},
{
"name": "FEDORA-2022-e6d0495206",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"
},
{
"name": "FEDORA-2022-6d51289820",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"
},
{
"name": "FEDORA-2022-50deb53896",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"
},
{
"name": "FEDORA-2022-93c6916349",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"
},
{
"name": "FEDORA-2022-18b234c18b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"
},
{
"name": "FEDORA-2022-de755fd092",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"
},
{
"name": "FEDORA-2022-fd3771db30",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"
},
{
"name": "FEDORA-2022-6b8b96f883",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"
},
{
"name": "FEDORA-2022-3d7e44dbd5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"
},
{
"name": "FEDORA-2022-b2f06fbb62",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"
},
{
"name": "FEDORA-2022-6ba889e0e3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"
},
{
"name": "FEDORA-2022-dbb811d203",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"
},
{
"name": "FEDORA-2022-e699dd5247",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"
},
{
"name": "FEDORA-2022-fbf6a320fe",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"
},
{
"name": "FEDORA-2022-bcf089dd07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"
},
{
"name": "FEDORA-2023-a990c93ed0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"
},
{
"name": "FEDORA-2023-78b4ce2f23",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"
},
{
"name": "FEDORA-2023-af5206f71d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
},
{
"name": "FEDORA-2023-943556a733",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"
},
{
"name": "FEDORA-2023-097dd40685",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
},
{
"name": "FEDORA-2023-f1381c83af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"name": "FEDORA-2023-129178fd27",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"
},
{
"name": "FEDORA-2023-c43a940a93",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"
},
{
"name": "FEDORA-2023-5460cf6dfb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45061",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:24:06.327776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407 Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:24:40.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T21:07:33.878Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/python/cpython/issues/98433"
},
{
"name": "FEDORA-2022-45d2cfdfa4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"
},
{
"name": "FEDORA-2022-3e859b6bc6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"
},
{
"name": "FEDORA-2022-e1ce71ff40",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"
},
{
"name": "FEDORA-2022-fdb2739feb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221209-0007/"
},
{
"name": "FEDORA-2022-6f4e6120d7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"
},
{
"name": "FEDORA-2022-e6d0495206",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"
},
{
"name": "FEDORA-2022-6d51289820",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"
},
{
"name": "FEDORA-2022-50deb53896",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"
},
{
"name": "FEDORA-2022-93c6916349",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"
},
{
"name": "FEDORA-2022-18b234c18b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"
},
{
"name": "FEDORA-2022-de755fd092",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"
},
{
"name": "FEDORA-2022-fd3771db30",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"
},
{
"name": "FEDORA-2022-6b8b96f883",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"
},
{
"name": "FEDORA-2022-3d7e44dbd5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"
},
{
"name": "FEDORA-2022-b2f06fbb62",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"
},
{
"name": "FEDORA-2022-6ba889e0e3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"
},
{
"name": "FEDORA-2022-dbb811d203",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"
},
{
"name": "FEDORA-2022-e699dd5247",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"
},
{
"name": "FEDORA-2022-fbf6a320fe",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"
},
{
"name": "FEDORA-2022-bcf089dd07",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"
},
{
"name": "FEDORA-2023-a990c93ed0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"
},
{
"name": "FEDORA-2023-78b4ce2f23",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"
},
{
"name": "FEDORA-2023-af5206f71d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
},
{
"name": "FEDORA-2023-943556a733",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"
},
{
"name": "FEDORA-2023-097dd40685",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
},
{
"name": "FEDORA-2023-f1381c83af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"name": "FEDORA-2023-129178fd27",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"
},
{
"name": "FEDORA-2023-c43a940a93",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"
},
{
"name": "FEDORA-2023-5460cf6dfb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45061",
"datePublished": "2022-11-09T00:00:00.000Z",
"dateReserved": "2022-11-09T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:24:40.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38160 (GCVE-0-2021-38160)
Vulnerability from cvelistv5
Published
2021-08-07 03:31
Modified
2024-08-04 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46 | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2021-38160 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2021/dsa-4978 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2021-38160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
},
{
"name": "DSA-4978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u003elen value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T00:06:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2021-38160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
},
{
"name": "DSA-4978",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u003elen value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"name": "https://access.redhat.com/security/cve/cve-2021-38160",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2021-38160"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
},
{
"name": "DSA-4978",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38160",
"datePublished": "2021-08-07T03:31:12",
"dateReserved": "2021-08-07T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12771 (GCVE-0-2020-12771)
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:1062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html"
},
{
"name": "openSUSE-SU-2020:1153",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
},
{
"name": "USN-4463-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4463-1/"
},
{
"name": "USN-4465-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4465-1/"
},
{
"name": "USN-4462-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4462-1/"
},
{
"name": "USN-4483-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4485-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lkml.org/lkml/2020/4/26/87"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2020:1062",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html"
},
{
"name": "openSUSE-SU-2020:1153",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
},
{
"name": "USN-4463-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4463-1/"
},
{
"name": "USN-4465-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4465-1/"
},
{
"name": "USN-4462-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4462-1/"
},
{
"name": "USN-4483-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4485-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lkml.org/lkml/2020/4/26/87"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:1062",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html"
},
{
"name": "openSUSE-SU-2020:1153",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html"
},
{
"name": "USN-4463-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4463-1/"
},
{
"name": "USN-4465-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4465-1/"
},
{
"name": "USN-4462-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4462-1/"
},
{
"name": "USN-4483-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4485-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "https://lkml.org/lkml/2020/4/26/87",
"refsource": "CONFIRM",
"url": "https://lkml.org/lkml/2020/4/26/87"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12771",
"datePublished": "2020-05-09T20:16:20",
"dateReserved": "2020-05-09T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38203 (GCVE-0-2021-38203)
Vulnerability from cvelistv5
Published
2021-08-08 19:25
Modified
2024-08-04 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T08:06:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"name": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210902-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38203",
"datePublished": "2021-08-08T19:25:31",
"dateReserved": "2021-08-08T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5715 (GCVE-0-2017-5715)
Vulnerability from cvelistv5
Published
2018-01-04 13:00
Modified
2025-05-06 14:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Microprocessors with Speculative Execution |
Version: All |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "USN-3560-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3560-1/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3542-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"name": "GLSA-201810-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "USN-3540-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "USN-3597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "SUSE-SU-2018:0012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "DSA-4120",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"name": "openSUSE-SU-2018:0013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
},
{
"name": "USN-3580-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "USN-3531-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3531-3/"
},
{
"name": "USN-3620-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3620-2/"
},
{
"name": "openSUSE-SU-2018:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "USN-3582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3582-1/"
},
{
"name": "DSA-4188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "RHSA-2018:0292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"name": "SUSE-SU-2018:0019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name": "102376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102376"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "USN-3594-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3594-1/"
},
{
"name": "VU#584653",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name": "SUSE-SU-2018:0009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
},
{
"name": "USN-3690-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3690-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
},
{
"name": "USN-3549-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"name": "SUSE-SU-2018:0007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX231399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://spectreattack.com/"
},
{
"name": "USN-3531-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3531-1/"
},
{
"name": "FreeBSD-SA-18:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name": "SUSE-SU-2018:0006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
},
{
"name": "USN-3581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3581-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
},
{
"name": "USN-3597-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"name": "USN-3581-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3581-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3516-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
},
{
"name": "43427",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"name": "SUSE-SU-2018:0020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
},
{
"name": "USN-3541-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"name": "openSUSE-SU-2018:0023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
},
{
"name": "SUSE-SU-2018:0008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "USN-3561-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3561-1/"
},
{
"name": "USN-3582-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3582-2/"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-5715"
},
{
"name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
},
{
"name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-5715",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:31:09.657900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T14:59:36.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microprocessors with Speculative Execution",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2018-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T08:06:27.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "USN-3560-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3560-1/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3542-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"name": "GLSA-201810-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "USN-3540-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "USN-3597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "SUSE-SU-2018:0012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "DSA-4120",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"name": "openSUSE-SU-2018:0013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
},
{
"name": "USN-3580-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "USN-3531-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3531-3/"
},
{
"name": "USN-3620-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3620-2/"
},
{
"name": "openSUSE-SU-2018:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "USN-3582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3582-1/"
},
{
"name": "DSA-4188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "RHSA-2018:0292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"name": "SUSE-SU-2018:0019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name": "102376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102376"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "USN-3594-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3594-1/"
},
{
"name": "VU#584653",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name": "SUSE-SU-2018:0009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
},
{
"name": "USN-3690-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3690-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
},
{
"name": "USN-3549-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"name": "SUSE-SU-2018:0007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX231399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://spectreattack.com/"
},
{
"name": "USN-3531-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3531-1/"
},
{
"name": "FreeBSD-SA-18:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name": "SUSE-SU-2018:0006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
},
{
"name": "USN-3581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3581-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
},
{
"name": "USN-3597-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"name": "USN-3581-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3581-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3516-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
},
{
"name": "43427",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"name": "SUSE-SU-2018:0020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
},
{
"name": "USN-3541-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"name": "openSUSE-SU-2018:0023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
},
{
"name": "SUSE-SU-2018:0008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "USN-3561-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3561-1/"
},
{
"name": "USN-3582-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3582-2/"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-5715"
},
{
"name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
},
{
"name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2017-5715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microprocessors with Speculative Execution",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "USN-3560-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3560-1/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3542-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "USN-3540-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "USN-3597-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "SUSE-SU-2018:0012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-002",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "DSA-4120",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"name": "openSUSE-SU-2018:0013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
},
{
"name": "USN-3580-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"name": "https://support.f5.com/csp/article/K91229003",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "USN-3531-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3531-3/"
},
{
"name": "USN-3620-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3620-2/"
},
{
"name": "openSUSE-SU-2018:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "USN-3582-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3582-1/"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "RHSA-2018:0292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-254.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"name": "SUSE-SU-2018:0019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_01",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"name": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name": "102376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102376"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "USN-3594-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3594-1/"
},
{
"name": "VU#584653",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name": "SUSE-SU-2018:0009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
},
{
"name": "USN-3690-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3690-1/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
},
{
"name": "USN-3549-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"name": "SUSE-SU-2018:0007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
},
{
"name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"name": "https://support.citrix.com/article/CTX231399",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX231399"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://spectreattack.com/",
"refsource": "MISC",
"url": "https://spectreattack.com/"
},
{
"name": "USN-3531-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3531-1/"
},
{
"name": "FreeBSD-SA-18:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
"refsource": "CONFIRM",
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name": "SUSE-SU-2018:0006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
},
{
"name": "USN-3581-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3581-1/"
},
{
"name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
"refsource": "CONFIRM",
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
},
{
"name": "USN-3597-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"name": "USN-3581-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3581-2/"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3516-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
},
{
"name": "43427",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"name": "SUSE-SU-2018:0020",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
},
{
"name": "USN-3541-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-18282",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name": "USN-3777-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"name": "openSUSE-SU-2018:0023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
},
{
"name": "SUSE-SU-2018:0008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "USN-3561-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3561-1/"
},
{
"name": "USN-3582-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3582-2/"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "FreeBSD-SA-19:26",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2017-5715",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2017-5715"
},
{
"name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
},
{
"name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2017-5715",
"datePublished": "2018-01-04T13:00:00.000Z",
"dateReserved": "2017-02-01T00:00:00.000Z",
"dateUpdated": "2025-05-06T14:59:36.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35507 (GCVE-0-2020-35507)
Vulnerability from cvelistv5
Published
2021-01-04 14:24
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911691 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:32",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There\u0027s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35507",
"datePublished": "2021-01-04T14:24:56",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19053 (GCVE-0-2019-19053)
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4300-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4301-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:38.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4300-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4300-1/"
},
{
"name": "USN-4301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4301-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T23:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4300-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4300-1/"
},
{
"name": "USN-4301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4301-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4300-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4300-1/"
},
{
"name": "USN-4301-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4301-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19053",
"datePublished": "2019-11-18T05:23:51",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:38.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36946 (GCVE-0-2022-36946)
Vulnerability from cvelistv5
Published
2022-07-27 00:00
Modified
2025-05-05 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://marc.info/?l=netfilter-devel\u0026m=165883202007292\u0026w=2"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:06.847869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:13:27.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb-\u003elen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T00:40:11.457Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://marc.info/?l=netfilter-devel\u0026m=165883202007292\u0026w=2"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36946",
"datePublished": "2022-07-27T00:00:00.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:13:27.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2068 (GCVE-0-2022-2068)
Vulnerability from cvelistv5
Published
2022-06-21 14:45
Modified
2025-05-05 16:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Command injection
Summary
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20220621.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
},
{
"name": "DSA-5169",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5169"
},
{
"name": "FEDORA-2022-3b7d0abd0b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
},
{
"name": "FEDORA-2022-41890e9e44",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:34.326774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:20:40.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chancen (Qingteng 73lab)"
}
],
"datePublic": "2022-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20220621.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
},
{
"name": "DSA-5169",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5169"
},
{
"name": "FEDORA-2022-3b7d0abd0b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
},
{
"name": "FEDORA-2022-41890e9e44",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
}
],
"title": "The c_rehash script allows command injection"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2022-2068",
"datePublished": "2022-06-21T14:45:20.597Z",
"dateReserved": "2022-06-13T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:20:40.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28796 (GCVE-0-2022-28796)
Vulnerability from cvelistv5
Published
2022-04-08 04:11
Modified
2024-08-03 06:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220506-0006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T13:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"name": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220506-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28796",
"datePublished": "2022-04-08T04:11:51",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35252 (GCVE-0-2022-35252)
Vulnerability from cvelistv5
Published
2022-09-23 00:00
Modified
2025-05-05 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation ()
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in curl 7.85.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1613943"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213603"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213604"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-35252",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:42.952225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:14:44.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in curl 7.85.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-28T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1613943"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"url": "https://support.apple.com/kb/HT213603"
},
{
"url": "https://support.apple.com/kb/HT213604"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-35252",
"datePublished": "2022-09-23T00:00:00.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:14:44.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1678 (GCVE-0-2022-1678)
Vulnerability from cvelistv5
Published
2022-05-25 14:49
Modified
2024-08-03 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-911 - Improper Update of Reference Count
Summary
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.openanolis.cn/show_bug.cgi?id=61 | x_refsource_CONFIRM | |
| https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/ | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a | x_refsource_MISC | |
| https://gitee.com/anolis/cloud-kernel/commit/bed537da691b | x_refsource_MISC | |
| https://anas.openanolis.cn/cves/detail/CVE-2022-1678 | x_refsource_MISC | |
| https://anas.openanolis.cn/errata/detail/ANSA-2022:0143 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220715-0001/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.18",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-911",
"description": "CWE-911 Improper Update of Reference Count",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T15:06:58",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openanolis.org",
"ID": "CVE-2022-1678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "4.18"
},
{
"version_affected": "\u003c=",
"version_value": "4.19"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-911 Improper Update of Reference Count"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61",
"refsource": "CONFIRM",
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
},
{
"name": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/",
"refsource": "MISC",
"url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/"
},
{
"name": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
},
{
"name": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b",
"refsource": "MISC",
"url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
},
{
"name": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678",
"refsource": "MISC",
"url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
},
{
"name": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143",
"refsource": "MISC",
"url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220715-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2022-1678",
"datePublished": "2022-05-25T14:49:30",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21211 (GCVE-0-2024-21211)
Vulnerability from cvelistv5
Published
2024-10-15 19:52
Modified
2024-10-31 12:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2024.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Oracle Corporation | GraalVM |
Version: Oracle Java SE:23 Version: Oracle GraalVM for JDK:17.0.12 Version: Oracle GraalVM for JDK:21.0.4 Version: Oracle GraalVM for JDK:23 Version: Oracle GraalVM Enterprise Edition:20.3.15 Version: Oracle GraalVM Enterprise Edition:21.3.11 cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:26:03.882463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T12:58:57.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-18T13:07:36.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241018-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
],
"product": "GraalVM",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:23"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.12"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.4"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:23"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.15"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
],
"product": "Oracle Java SE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:23"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.12"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.4"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:23"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.15"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.11"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:41.883Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21211",
"datePublished": "2024-10-15T19:52:41.883Z",
"dateReserved": "2023-12-07T22:28:10.690Z",
"dateUpdated": "2024-10-31T12:58:57.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19050 (GCVE-0-2019-19050)
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4258-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html | x_refsource_MISC | |
| https://usn.ubuntu.com/4284-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:38.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd"
},
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4258-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4284-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T20:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd"
},
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4258-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4284-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd"
},
{
"name": "FEDORA-2019-021c968423",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4258-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"name": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html"
},
{
"name": "USN-4284-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4284-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19050",
"datePublished": "2019-11-18T05:23:47",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:38.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43680 (GCVE-0-2022-43680)
Vulnerability from cvelistv5
Published
2022-10-24 00:00
Modified
2025-05-30 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"name": "DSA-5266",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
},
{
"name": "GLSA-202210-38",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"name": "FEDORA-2022-5f1e2e9016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"name": "FEDORA-2022-49db80f821",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"name": "FEDORA-2022-c43235716e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T19:19:46.789242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T19:20:52.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T12:06:22.913Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"name": "DSA-5266",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
},
{
"name": "GLSA-202210-38",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"name": "FEDORA-2022-5f1e2e9016",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"name": "FEDORA-2022-49db80f821",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"name": "FEDORA-2022-c43235716e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-43680",
"datePublished": "2022-10-24T00:00:00.000Z",
"dateReserved": "2022-10-24T00:00:00.000Z",
"dateUpdated": "2025-05-30T19:20:52.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0492 (GCVE-0-2022-0492)
Vulnerability from cvelistv5
Published
2022-03-03 00:00
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5095",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5095"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220419-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.17 rc3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:06:18.421771",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5095",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5095"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220419-0002/"
},
{
"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
},
{
"url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0492",
"datePublished": "2022-03-03T00:00:00",
"dateReserved": "2022-02-04T00:00:00",
"dateUpdated": "2024-08-02T23:32:45.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3753 (GCVE-0-2021-3753)
Vulnerability from cvelistv5
Published
2022-02-16 00:00
Modified
2024-08-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/09/01/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel 5.15-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589"
},
{
"url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/09/01/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3753",
"datePublished": "2022-02-16T00:00:00",
"dateReserved": "2021-08-31T00:00:00",
"dateUpdated": "2024-08-03T17:09:08.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27776 (GCVE-0-2022-27776)
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-11-20 15:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials ()
Summary
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: fixed in curl 7.83.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1547048"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0008/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"name": "FEDORA-2022-f83aec6d57",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
},
{
"name": "FEDORA-2022-bca2c95559",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:23:04.795275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:23:17.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "fixed in curl 7.83.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials (CWE-522)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1547048"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220609-0008/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"name": "FEDORA-2022-f83aec6d57",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/"
},
{
"name": "FEDORA-2022-bca2c95559",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27776",
"datePublished": "2022-06-01T00:00:00",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-11-20T15:23:17.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17498 (GCVE-0-2019-17498)
Vulnerability from cvelistv5
Published
2019-10-21 00:00
Modified
2024-08-05 01:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
},
{
"name": "FEDORA-2019-91529f19e4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
},
{
"name": "openSUSE-SU-2019:2483",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
},
{
"name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
},
{
"name": "FEDORA-2019-ec04c34768",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T13:06:20.499920",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
},
{
"url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
},
{
"url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
},
{
"name": "FEDORA-2019-91529f19e4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
},
{
"name": "openSUSE-SU-2019:2483",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
},
{
"name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
},
{
"name": "FEDORA-2019-ec04c34768",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
},
{
"url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
},
{
"url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17498",
"datePublished": "2019-10-21T00:00:00",
"dateReserved": "2019-10-11T00:00:00",
"dateUpdated": "2024-08-05T01:40:15.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18805 (GCVE-0-2019-18805)
Vulnerability from cvelistv5
Published
2019-11-07 13:08
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html | vendor-advisory, x_refsource_SUSE | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2020:0740 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78"
},
{
"name": "openSUSE-SU-2019:2503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2507",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78"
},
{
"name": "openSUSE-SU-2019:2503",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2507",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78"
},
{
"name": "openSUSE-SU-2019:2503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2507",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "RHSA-2020:0740",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18805",
"datePublished": "2019-11-07T13:08:05",
"dateReserved": "2019-11-07T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19462 (GCVE-0-2019-19462)
Vulnerability from cvelistv5
Published
2019-11-30 00:57
Modified
2024-08-05 02:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net/"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "openSUSE-SU-2020:0935",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"name": "USN-4414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4414-1/"
},
{
"name": "USN-4425-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4425-1/"
},
{
"name": "USN-4439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4439-1/"
},
{
"name": "USN-4440-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T06:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net/"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "openSUSE-SU-2020:0935",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"name": "USN-4414-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4414-1/"
},
{
"name": "USN-4425-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4425-1/"
},
{
"name": "USN-4439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4439-1/"
},
{
"name": "USN-4440-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8",
"refsource": "MISC",
"url": "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8"
},
{
"name": "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531",
"refsource": "MISC",
"url": "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531"
},
{
"name": "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046",
"refsource": "MISC",
"url": "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046"
},
{
"name": "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b",
"refsource": "MISC",
"url": "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b"
},
{
"name": "https://lore.kernel.org/lkml/20191129013745.7168-1-dja@axtens.net/",
"refsource": "MISC",
"url": "https://lore.kernel.org/lkml/20191129013745.7168-1-dja@axtens.net/"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "openSUSE-SU-2020:0935",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"name": "USN-4414-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4414-1/"
},
{
"name": "USN-4425-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4425-1/"
},
{
"name": "USN-4439-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4439-1/"
},
{
"name": "USN-4440-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210129-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210129-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19462",
"datePublished": "2019-11-30T00:57:13",
"dateReserved": "2019-11-30T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4203 (GCVE-0-2021-4203)
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - ->CWE-416
Summary
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.15 rc4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362-\u003eCWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
},
{
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
},
{
"url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221111-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4203",
"datePublished": "2022-03-25T00:00:00",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13272 (GCVE-0-2019-13272)
Vulnerability from cvelistv5
Published
2019-07-17 12:32
Modified
2025-02-04 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"
},
{
"name": "FEDORA-2019-a95015e60f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"
},
{
"name": "DSA-4484",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4484"
},
{
"name": "20190722 [SECURITY] [DSA 4484-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"
},
{
"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
},
{
"name": "RHSA-2019:2405",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2405"
},
{
"name": "RHSA-2019:2411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2411"
},
{
"name": "USN-4093-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4093-1/"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K91025336"
},
{
"name": "USN-4117-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4117-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-13272",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:35:06.511512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-13272"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:35:33.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit\u0027s pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T18:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"
},
{
"name": "FEDORA-2019-a95015e60f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"
},
{
"name": "DSA-4484",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4484"
},
{
"name": "20190722 [SECURITY] [DSA 4484-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"
},
{
"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
},
{
"name": "RHSA-2019:2405",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2405"
},
{
"name": "RHSA-2019:2411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2411"
},
{
"name": "USN-4093-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4093-1/"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K91025336"
},
{
"name": "USN-4117-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4117-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit\u0027s pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"
},
{
"name": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140671",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"
},
{
"name": "FEDORA-2019-a95015e60f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"
},
{
"name": "DSA-4484",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4484"
},
{
"name": "20190722 [SECURITY] [DSA 4484-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"
},
{
"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"
},
{
"name": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190806-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
},
{
"name": "RHSA-2019:2405",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2405"
},
{
"name": "RHSA-2019:2411",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2411"
},
{
"name": "USN-4093-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4093-1/"
},
{
"name": "USN-4094-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4095-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"name": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
},
{
"name": "https://support.f5.com/csp/article/K91025336",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K91025336"
},
{
"name": "USN-4117-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4117-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "RHSA-2019:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "https://support.f5.com/csp/article/K91025336?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html"
},
{
"name": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html"
},
{
"name": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13272",
"datePublished": "2019-07-17T12:32:55.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2025-02-04T20:35:33.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27779 (GCVE-0-2022-27779)
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 05:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Information Exposure Through Sent Data ()
Summary
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.83.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:33:00.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1553301"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.83.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl\u0027s \"cookie engine\" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Information Exposure Through Sent Data (CWE-201)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1553301"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27779",
"datePublished": "2022-06-01T00:00:00",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-03T05:33:00.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27780 (GCVE-0-2022-27780)
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-07 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-177 - Improper Handling of URL Encoding (Hex Encoding) ()
Summary
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.83.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1553841"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "curl",
"vendor": "haxx",
"versions": [
{
"lessThan": "7.86.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:solidfire_\\\u0026_hci_storage_node:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solidfire_\\\u0026_hci_storage_node",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:ontap_9:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ontap_9",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*",
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*",
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*",
"cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solidfire_\\\u0026_hci_management_node",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "h300s"
},
{
"status": "affected",
"version": "h410s"
},
{
"status": "affected",
"version": "h500s"
},
{
"status": "affected",
"version": "h700s"
}
]
},
{
"cpes": [
"cpe:2.3:o:netapp:hci_bootstrap_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hci_bootstrap_os",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "solidfire_\\\u0026_hci_management_node",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T20:10:43.314256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T19:09:34.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.83.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The curl URL parser wrongly accepts percent-encoded URL separators like \u0027/\u0027when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-177",
"description": "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1553841"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27780",
"datePublished": "2022-06-01T00:00:00",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-07T19:09:34.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12769 (GCVE-0-2020-12769)
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lkml.org/lkml/2020/2/3/559 | x_refsource_CONFIRM | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d | x_refsource_CONFIRM | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4391-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lkml.org/lkml/2020/2/3/559"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4391-1/"
},
{
"name": "openSUSE-SU-2020:0935",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T05:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lkml.org/lkml/2020/2/3/559"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4391-1/"
},
{
"name": "openSUSE-SU-2020:0935",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lkml.org/lkml/2020/2/3/559",
"refsource": "CONFIRM",
"url": "https://lkml.org/lkml/2020/2/3/559"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "openSUSE-SU-2020:0801",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4391-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4391-1/"
},
{
"name": "openSUSE-SU-2020:0935",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12769",
"datePublished": "2020-05-09T20:16:45",
"dateReserved": "2020-05-09T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12465 (GCVE-0-2020-12465)
Vulnerability from cvelistv5
Published
2020-04-29 18:52
Modified
2024-08-04 11:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2 | x_refsource_MISC | |
| https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2 | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-08T12:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12465",
"datePublished": "2020-04-29T18:52:38",
"dateReserved": "2020-04-29T00:00:00",
"dateUpdated": "2024-08-04T11:56:52.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12653 (GCVE-0-2020-12653)
Vulnerability from cvelistv5
Published
2020-05-05 04:47
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d | x_refsource_MISC | |
| https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/05/08/2 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2020/dsa-4698 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
},
{
"name": "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/08/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-13T08:12:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
},
{
"name": "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/08/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4"
},
{
"name": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d"
},
{
"name": "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/05/08/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "openSUSE-SU-2020:0801",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12653",
"datePublished": "2020-05-05T04:47:35",
"dateReserved": "2020-05-05T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14145 (GCVE-0-2020-14145)
Vulnerability from cvelistv5
Published
2020-06-29 17:33
Modified
2024-08-04 12:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 | x_refsource_MISC | |
| https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200709-0004/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2020/12/02/1 | mailing-list, x_refsource_MLIST | |
| https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d | x_refsource_MISC | |
| https://docs.ssh-mitm.at/CVE-2020-14145.html | x_refsource_MISC | |
| https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202105-35 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200709-0004/"
},
{
"name": "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/02/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.ssh-mitm.at/CVE-2020-14145.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T13:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200709-0004/"
},
{
"name": "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/02/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.ssh-mitm.at/CVE-2020-14145.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py"
},
{
"name": "GLSA-202105-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1"
},
{
"name": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/",
"refsource": "MISC",
"url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200709-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200709-0004/"
},
{
"name": "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/02/1"
},
{
"name": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
"refsource": "MISC",
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d"
},
{
"name": "https://docs.ssh-mitm.at/CVE-2020-14145.html",
"refsource": "MISC",
"url": "https://docs.ssh-mitm.at/CVE-2020-14145.html"
},
{
"name": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
"refsource": "MISC",
"url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py"
},
{
"name": "GLSA-202105-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14145",
"datePublished": "2020-06-29T17:33:36",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8284 (GCVE-0-2020-8284)
Vulnerability from cvelistv5
Published
2020-12-14 19:38
Modified
2024-08-04 09:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Disclosure ()
Summary
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.73.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1040166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2020-8284.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.73.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:26",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1040166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2020-8284.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.73.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1040166",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1040166"
},
{
"name": "https://curl.se/docs/CVE-2020-8284.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2020-8284.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"name": "https://support.apple.com/kb/HT212325",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212325"
},
{
"name": "https://support.apple.com/kb/HT212326",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212326"
},
{
"name": "https://support.apple.com/kb/HT212327",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212327"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8284",
"datePublished": "2020-12-14T19:38:26",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26116 (GCVE-0-2020-26116)
Vulnerability from cvelistv5
Published
2020-09-27 00:00
Modified
2024-08-04 15:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/http-header-injection-method.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue39603"
},
{
"name": "FEDORA-2020-221823ebdd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/"
},
{
"name": "FEDORA-2020-887d3fa26f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/"
},
{
"name": "FEDORA-2020-d30881c970",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"
},
{
"name": "USN-4581-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4581-1/"
},
{
"name": "FEDORA-2020-e33acdea18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/"
},
{
"name": "openSUSE-SU-2020:1859",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html"
},
{
"name": "FEDORA-2020-d42cb01973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/"
},
{
"name": "[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html"
},
{
"name": "GLSA-202101-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201023-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://python-security.readthedocs.io/vuln/http-header-injection-method.html"
},
{
"url": "https://bugs.python.org/issue39603"
},
{
"name": "FEDORA-2020-221823ebdd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/"
},
{
"name": "FEDORA-2020-887d3fa26f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/"
},
{
"name": "FEDORA-2020-d30881c970",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"
},
{
"name": "USN-4581-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4581-1/"
},
{
"name": "FEDORA-2020-e33acdea18",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/"
},
{
"name": "openSUSE-SU-2020:1859",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html"
},
{
"name": "FEDORA-2020-d42cb01973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/"
},
{
"name": "[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html"
},
{
"name": "GLSA-202101-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202101-18"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20201023-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26116",
"datePublished": "2020-09-27T00:00:00",
"dateReserved": "2020-09-27T00:00:00",
"dateUpdated": "2024-08-04T15:49:07.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12464 (GCVE-0-2020-12464)
Vulnerability from cvelistv5
Published
2020-04-29 17:59
Modified
2024-08-04 11:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://patchwork.kernel.org/patch/11463781/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lkml.org/lkml/2020/3/23/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4388-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4388-1/"
},
{
"name": "USN-4389-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4389-1/"
},
{
"name": "USN-4387-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4387-1/"
},
{
"name": "USN-4390-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4390-1/"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4391-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-22T21:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://patchwork.kernel.org/patch/11463781/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lkml.org/lkml/2020/3/23/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4388-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4388-1/"
},
{
"name": "USN-4389-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4389-1/"
},
{
"name": "USN-4387-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4387-1/"
},
{
"name": "USN-4390-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4390-1/"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4391-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchwork.kernel.org/patch/11463781/",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/patch/11463781/"
},
{
"name": "https://lkml.org/lkml/2020/3/23/52",
"refsource": "MISC",
"url": "https://lkml.org/lkml/2020/3/23/52"
},
{
"name": "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4388-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4388-1/"
},
{
"name": "USN-4389-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4389-1/"
},
{
"name": "USN-4387-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4387-1/"
},
{
"name": "USN-4390-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4390-1/"
},
{
"name": "USN-4391-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4391-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12464",
"datePublished": "2020-04-29T17:59:51",
"dateReserved": "2020-04-29T00:00:00",
"dateUpdated": "2024-08-04T11:56:52.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19057 (GCVE-0-2019-19057)
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c"
},
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "USN-4254-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"name": "USN-4254-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"name": "USN-4285-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4285-1/"
},
{
"name": "USN-4287-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"name": "USN-4287-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4284-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T20:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c"
},
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "USN-4254-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"name": "USN-4254-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"name": "USN-4285-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4285-1/"
},
{
"name": "USN-4287-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"name": "USN-4287-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4284-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c"
},
{
"name": "FEDORA-2019-021c968423",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "openSUSE-SU-2019:2675",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "USN-4254-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"name": "USN-4254-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"name": "USN-4285-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4285-1/"
},
{
"name": "USN-4287-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"name": "USN-4287-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"name": "USN-4284-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4284-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19057",
"datePublished": "2019-11-18T05:23:57",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8286 (GCVE-0-2020-8286)
Vulnerability from cvelistv5
Published
2020-12-14 19:39
Modified
2024-11-15 15:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation ()
Summary
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.41.0 to and including 7.73.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1048457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2020-8286.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
},
{
"name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/50"
},
{
"name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/54"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-8286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:29:39.778689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:30:03.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.41.0 to and including 7.73.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation (CWE-295)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:30",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1048457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2020-8286.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
},
{
"name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/50"
},
{
"name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/54"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.41.0 to and including 7.73.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation (CWE-295)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1048457",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1048457"
},
{
"name": "https://curl.se/docs/CVE-2020-8286.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2020-8286.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
},
{
"name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/50"
},
{
"name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/54"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"name": "https://support.apple.com/kb/HT212325",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212325"
},
{
"name": "https://support.apple.com/kb/HT212326",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212326"
},
{
"name": "https://support.apple.com/kb/HT212327",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212327"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8286",
"datePublished": "2020-12-14T19:39:28",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-11-15T15:30:03.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4209 (GCVE-0-2021-4209)
Vulnerability from cvelistv5
Published
2022-08-24 15:07
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - - NULL Pointer Dereference
Summary
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/gnutls/gnutls/-/issues/1306 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2044156 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2021-4209 | x_refsource_MISC | |
| https://gitlab.com/gnutls/gnutls/-/merge_requests/1503 | x_refsource_MISC | |
| https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220915-0005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1306"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4209"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GnuTLS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in gnutls v3.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle\u0027s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 - NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T17:06:40",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1306"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4209"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-4209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GnuTLS",
"version": {
"version_data": [
{
"version_value": "Fixed in gnutls v3.7.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle\u0027s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 - NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gnutls/gnutls/-/issues/1306",
"refsource": "MISC",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1306"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044156"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-4209",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2021-4209"
},
{
"name": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503",
"refsource": "MISC",
"url": "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503"
},
{
"name": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568",
"refsource": "MISC",
"url": "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220915-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220915-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4209",
"datePublished": "2022-08-24T15:07:31",
"dateReserved": "2022-01-24T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3772 (GCVE-0-2021-3772)
Vulnerability from cvelistv5
Published
2022-03-02 00:00
Modified
2024-08-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-354 - - Improper Validation of Integrity Check Value
Summary
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000694"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3772"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in linux kernel v5.15 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 - Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000694"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3772"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df"
},
{
"url": "https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221007-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3772",
"datePublished": "2022-03-02T00:00:00",
"dateReserved": "2021-09-06T00:00:00",
"dateUpdated": "2024-08-03T17:09:08.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1971 (GCVE-0-2020-1971)
Vulnerability from cvelistv5
Published
2020-12-08 15:30
Modified
2024-09-17 02:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- NULL pointer dereference
Summary
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20201208.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
},
{
"name": "DSA-4807",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4807"
},
{
"name": "FreeBSD-SA-20:33",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc"
},
{
"name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
},
{
"name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
},
{
"name": "FEDORA-2020-ef1870065a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/"
},
{
"name": "[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "FEDORA-2020-a31b01e945",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/"
},
{
"name": "GLSA-202012-13",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-13"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676"
},
{
"name": "[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Benjamin (Google)"
}
],
"datePublic": "2020-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#High",
"value": "High"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:11.147749",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20201208.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
},
{
"name": "DSA-4807",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4807"
},
{
"name": "FreeBSD-SA-20:33",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc"
},
{
"name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
},
{
"name": "[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
},
{
"name": "FEDORA-2020-ef1870065a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/"
},
{
"name": "[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "FEDORA-2020-a31b01e945",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/"
},
{
"name": "GLSA-202012-13",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202012-13"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676"
},
{
"name": "[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "EDIPARTYNAME NULL pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2020-1971",
"datePublished": "2020-12-08T15:30:16.835255Z",
"dateReserved": "2019-12-03T00:00:00",
"dateUpdated": "2024-09-17T02:57:20.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45485 (GCVE-0-2021-45485)
Vulnerability from cvelistv5
Published
2021-12-25 01:05
Modified
2024-08-04 04:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 | x_refsource_MISC | |
| https://arxiv.org/pdf/2112.09604.pdf | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220121-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220121-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn\u0027t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:42:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220121-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn\u0027t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"
},
{
"name": "https://arxiv.org/pdf/2112.09604.pdf",
"refsource": "MISC",
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220121-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220121-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45485",
"datePublished": "2021-12-25T01:05:07",
"dateReserved": "2021-12-25T00:00:00",
"dateUpdated": "2024-08-04T04:39:21.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19063 (GCVE-0-2019-19063)
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"name": "USN-4254-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"name": "USN-4254-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"name": "USN-4285-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4285-1/"
},
{
"name": "USN-4287-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"name": "USN-4287-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4284-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2019-021c968423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"name": "openSUSE-SU-2019:2675",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"name": "USN-4254-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"name": "USN-4254-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"name": "USN-4285-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4285-1/"
},
{
"name": "USN-4287-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"name": "USN-4287-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"name": "USN-4284-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4284-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-021c968423",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"name": "FEDORA-2019-34a75d7e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"name": "openSUSE-SU-2019:2675",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/10"
},
{
"name": "USN-4254-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"name": "USN-4254-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"name": "USN-4285-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4285-1/"
},
{
"name": "USN-4287-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"name": "USN-4287-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"name": "USN-4284-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4284-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb"
},
{
"name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19063",
"datePublished": "2019-11-18T05:24:05",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29369 (GCVE-0-2020-29369)
Vulnerability from cvelistv5
Published
2020-11-28 06:20
Modified
2024-08-04 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=2056 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210115-0001/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2021/02/10/6 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2021/02/19/8 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0001/"
},
{
"name": "[oss-security] 20210210 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/10/6"
},
{
"name": "[oss-security] 20210219 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/19/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T21:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0001/"
},
{
"name": "[oss-security] 20210210 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/10/6"
},
{
"name": "[oss-security] 20210219 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/19/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210115-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210115-0001/"
},
{
"name": "[oss-security] 20210210 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/02/10/6"
},
{
"name": "[oss-security] 20210219 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/02/19/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29369",
"datePublished": "2020-11-28T06:20:14",
"dateReserved": "2020-11-28T00:00:00",
"dateUpdated": "2024-08-04T16:48:01.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25645 (GCVE-0-2020-25645)
Vulnerability from cvelistv5
Published
2020-10-13 19:52
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1883988 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html | vendor-advisory, x_refsource_SUSE | |
| https://www.debian.org/security/2020/dsa-4774 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20201103-0004/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html | mailing-list, x_refsource_MLIST | |
| http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883988"
},
{
"name": "openSUSE-SU-2020:1682",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html"
},
{
"name": "openSUSE-SU-2020:1698",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html"
},
{
"name": "DSA-4774",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201103-0004/"
},
{
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel versions before 5.9-rc7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-01T18:06:18",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883988"
},
{
"name": "openSUSE-SU-2020:1682",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html"
},
{
"name": "openSUSE-SU-2020:1698",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html"
},
{
"name": "DSA-4774",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201103-0004/"
},
{
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel versions before 5.9-rc7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1883988",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883988"
},
{
"name": "openSUSE-SU-2020:1682",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html"
},
{
"name": "openSUSE-SU-2020:1698",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html"
},
{
"name": "DSA-4774",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"name": "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201103-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201103-0004/"
},
{
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"name": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25645",
"datePublished": "2020-10-13T19:52:35",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1559 (GCVE-0-2019-1559)
Vulnerability from cvelistv5
Published
2019-02-27 23:00
Modified
2024-09-17 04:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Padding Oracle
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:27.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
}
],
"datePublic": "2019-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Padding Oracle",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:01",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "107174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "0-byte record padding oracle",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2019-02-26",
"ID": "CVE-2019-1559",
"STATE": "PUBLIC",
"TITLE": "0-byte record padding oracle"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Padding Oracle"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"name": "https://www.openssl.org/news/secadv/20190226.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"name": "https://support.f5.com/csp/article/K18549143",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"name": "https://www.tenable.com/security/tns-2019-02",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"name": "https://www.tenable.com/security/tns-2019-03",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2019-1559",
"datePublished": "2019-02-27T23:00:00Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T04:20:35.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50379 (GCVE-0-2024-50379)
Vulnerability from cvelistv5
Published
2024-12-17 12:34
Modified
2025-03-20 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Version: 11.0.0-M1 ≤ 11.0.1 Version: 10.1.0-M1 ≤ 10.1.33 Version: 9.0.0.M1 ≤ 9.0.97 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50379",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T03:55:50.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-03T12:04:28.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/17/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/18/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250103-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.1",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.33",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.97",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nacl, WHOAMI, Yemoli and Ruozhi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTime-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T17:34:04.877Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: RCE due to TOCTOU issue in JSP compilation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-50379",
"datePublished": "2024-12-17T12:34:54.827Z",
"dateReserved": "2024-10-23T13:31:10.241Z",
"dateUpdated": "2025-03-20T03:55:50.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54677 (GCVE-0-2024-54677)
Vulnerability from cvelistv5
Published
2024-12-17 12:35
Modified
2025-01-31 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Version: 11.0.0-M1 ≤ 11.0.1 Version: 10.1.0-M1 ≤ 10.1.33 Version: 9.0.0.M1 ≤ 9.0.97 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T16:41:40.093839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T16:45:33.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-31T15:02:50.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/17/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/17/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/18/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.1",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.33",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.97",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T07:08:30.439Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: DoS in examples web application",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-54677",
"datePublished": "2024-12-17T12:35:50.948Z",
"dateReserved": "2024-12-05T07:31:33.851Z",
"dateUpdated": "2025-01-31T15:02:50.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27778 (GCVE-0-2022-27778)
Vulnerability from cvelistv5
Published
2022-06-01 19:03
Modified
2024-08-03 05:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference ()
Summary
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1553598 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220609-0009/ | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20220729-0004/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: fixed in 7.83.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1553598"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "fixed in 7.83.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "Use of Incorrectly-Resolved Name or Reference (CWE-706)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-29T19:09:59",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1553598"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2022-27778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "fixed in 7.83.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Incorrectly-Resolved Name or Reference (CWE-706)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1553598",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1553598"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220609-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220729-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-27778",
"datePublished": "2022-06-01T19:03:32",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11815 (GCVE-0-2019-11815)
Vulnerability from cvelistv5
Published
2019-05-08 13:36
Modified
2024-08-04 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63"
},
{
"name": "108283",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108283"
},
{
"name": "openSUSE-SU-2019:1404",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html"
},
{
"name": "openSUSE-SU-2019:1407",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K32019083"
},
{
"name": "openSUSE-SU-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "USN-4008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4008-1/"
},
{
"name": "USN-4005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4005-1/"
},
{
"name": "USN-4008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4008-3/"
},
{
"name": "DSA-4465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
},
{
"name": "USN-4068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4068-1/"
},
{
"name": "USN-4068-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4068-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-02T23:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63"
},
{
"name": "108283",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108283"
},
{
"name": "openSUSE-SU-2019:1404",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html"
},
{
"name": "openSUSE-SU-2019:1407",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K32019083"
},
{
"name": "openSUSE-SU-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "USN-4008-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4008-1/"
},
{
"name": "USN-4005-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4005-1/"
},
{
"name": "USN-4008-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4008-3/"
},
{
"name": "DSA-4465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
},
{
"name": "USN-4068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4068-1/"
},
{
"name": "USN-4068-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4068-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8"
},
{
"name": "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63"
},
{
"name": "108283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108283"
},
{
"name": "openSUSE-SU-2019:1404",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html"
},
{
"name": "openSUSE-SU-2019:1407",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"
},
{
"name": "https://support.f5.com/csp/article/K32019083",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K32019083"
},
{
"name": "openSUSE-SU-2019:1479",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "USN-4008-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4008-1/"
},
{
"name": "USN-4005-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4005-1/"
},
{
"name": "USN-4008-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4008-3/"
},
{
"name": "DSA-4465",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190719-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190719-0003/"
},
{
"name": "USN-4068-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4068-1/"
},
{
"name": "USN-4068-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4068-2/"
},
{
"name": "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11815",
"datePublished": "2019-05-08T13:36:39",
"dateReserved": "2019-05-08T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21140 (GCVE-0-2024-21140)
Vulnerability from cvelistv5
Published
2024-07-16 22:39
Modified
2025-02-13 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u411 Version: Oracle Java SE:8u411-perf Version: Oracle Java SE:11.0.23 Version: Oracle Java SE:17.0.11 Version: Oracle Java SE:21.0.3 Version: Oracle Java SE:22.0.1 Version: Oracle GraalVM for JDK:17.0.11 Version: Oracle GraalVM for JDK:21.0.3 Version: Oracle GraalVM for JDK:22.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.14 Version: Oracle GraalVM Enterprise Edition:21.3.10 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "java_se",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "8u411"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:java_se:8u411-perf:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "java_se",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "8u411-perf"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "java_se",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "11.0.23"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "java_se",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "17.0.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "java_se",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "21.0.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "java_se",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "22.0.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jdk:17.0.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jdk",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "17.0.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jdk:21.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jdk",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "21.0.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jdk:22.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jdk",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "22.0.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jre:20.3.14:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jre",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "20.3.14"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jre:21.3.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jre",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "21.3.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:27:50.068398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T15:24:58.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:13:42.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240719-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u411"
},
{
"status": "affected",
"version": "Oracle Java SE:8u411-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.23"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.11"
},
{
"status": "affected",
"version": "Oracle Java SE:21.0.3"
},
{
"status": "affected",
"version": "Oracle Java SE:22.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.11"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.3"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:22.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.14"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.10"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:06:09.873Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240719-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21140",
"datePublished": "2024-07-16T22:39:56.895Z",
"dateReserved": "2023-12-07T22:28:10.682Z",
"dateUpdated": "2025-02-13T17:33:12.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35494 (GCVE-0-2020-35494)
Vulnerability from cvelistv5
Published
2021-01-04 14:23
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911439 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "binutils",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "binutils 2.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-10T04:06:34",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "binutils",
"version": {
"version_data": [
{
"version_value": "binutils 2.34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There\u0027s a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439"
},
{
"name": "FEDORA-2020-28c78a6ac3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"name": "GLSA-202107-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35494",
"datePublished": "2021-01-04T14:23:23",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19044 (GCVE-0-2019-19044)
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4225-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:38.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4225-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4225-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-07T05:06:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4225-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4225-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
},
{
"name": "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191205-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"name": "USN-4225-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4225-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19044",
"datePublished": "2019-11-18T05:23:39",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:38.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29368 (GCVE-0-2020-29368)
Vulnerability from cvelistv5
Published
2020-11-28 06:20
Modified
2024-08-04 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040 | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210108-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T11:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29368",
"datePublished": "2020-11-28T06:20:26",
"dateReserved": "2020-11-28T00:00:00",
"dateUpdated": "2024-08-04T16:48:01.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32487 (GCVE-0-2024-32487)
Vulnerability from cvelistv5
Published
2024-04-13 00:00
Modified
2024-08-02 02:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netapp:less:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "less",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "653",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T18:38:36.239380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T16:31:29.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:11:52.179329",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-32487",
"datePublished": "2024-04-13T00:00:00",
"dateReserved": "2024-04-13T00:00:00",
"dateUpdated": "2024-08-02T02:13:39.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:7.0:update_331:*:*:*:*:*:*",
"matchCriteriaId": "AC99AA10-93C5-4B27-A991-FD29496FDF1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:8.0:update_321:*:*:*:*:*:*",
"matchCriteriaId": "C66D72B5-055F-45BD-AD02-C5E086AB5B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "681BFE5C-6F33-4084-8F0D-2DD573782004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A29CF53D-7DDC-4B60-8232-6C173083101F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
"matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
"matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
"matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0D3169-24B4-4733-BD40-59D0BB5DAC13",
"versionEndIncluding": "11.0.14",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D003C0-042E-4126-AEDA-F85863FEAB45",
"versionEndIncluding": "13.0.10",
"versionStartIncluding": "13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2C87EC-6234-482F-B597-962E3C52D01B",
"versionEndIncluding": "15.0.6",
"versionStartIncluding": "15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4BE82-B2A6-4E48-B1E0-100ACF94B9CD",
"versionEndIncluding": "17.0.2",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
"matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
"matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
"matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
"matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
"matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
"matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
"matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
"matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
"matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
"matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
"matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
"matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
"matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
"matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
"matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
"matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
"matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
"matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
"matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
"matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
"matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
"matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
"matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
"matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
"matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
"matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
"matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
"matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
"matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
"matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
"matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update331:*:*:*:*:*:*",
"matchCriteriaId": "A8971E08-2CA2-46F4-8C26-12D2AFAC3B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
"matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
"matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
"matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
"matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
"matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
"matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
"matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
"matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
"matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
"matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
"matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
"matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
"matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
"matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
"matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
"matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
"matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
"matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
"matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 7.5 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)"
}
],
"id": "CVE-2022-21476",
"lastModified": "2024-11-21T06:44:47.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2022-04-19T21:15:17.503",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-16 19:15
Modified
2024-11-21 06:22
Severity ?
Summary
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "037A6DFB-B41D-4CC7-86C1-A201809B79C4",
"versionEndExcluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality."
},
{
"lang": "es",
"value": "Se observ\u00f3 un problema de carrera en el la funci\u00f3n vt_k_ioctl en el archivo drivers/tty/vt/vt_ioctl.c en el kernel de Linux, que puede causar una lectura fuera de l\u00edmites en vt ya que el acceso de escritura a vc_mode no est\u00e1 protegido por el bloqueo de vt_ioctl (KDSETMDE). La mayor amenaza de esta vulnerabilidad es para la confidencialidad de los datos"
}
],
"id": "CVE-2021-3753",
"lastModified": "2024-11-21T06:22:20.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-16T19:15:08.647",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0003/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/09/01/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/09/01/4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-24 14:15
Modified
2025-05-30 20:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libexpat_project | libexpat | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "262BCBEE-82AD-4ED4-A93E-9AE282BBE16C",
"versionEndIncluding": "2.4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations."
},
{
"lang": "es",
"value": "En libexpat versiones hasta 2.4.9, se presenta un uso de memoria previamente liberada causado por la destrucci\u00f3n excesiva de un DTD compartido en XML_ExternalEntityParserCreate en situaciones fuera de memoria"
}
],
"id": "CVE-2022-43680",
"lastModified": "2025-05-30T20:15:31.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-10-24T14:15:53.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-25 09:15
Modified
2025-05-06 15:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "57E74758-D6C1-4C5F-B471-D4028BAEF97C",
"versionEndExcluding": "1.13.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4976954F-9DF9-4CE4-B94D-2D8CA6ACA188",
"versionEndExcluding": "1.2.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
"matchCriteriaId": "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
"matchCriteriaId": "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
"matchCriteriaId": "012052B5-9AA7-4FD3-9C80-5F615330039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
"matchCriteriaId": "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
"matchCriteriaId": "8E974DC6-F7D9-4389-9AF9-863F6E419CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*",
"matchCriteriaId": "156A6382-2BD3-4882-90B2-8E7CF6659E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*",
"matchCriteriaId": "20A2FDB2-6712-406A-9896-C0B44508B07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*",
"matchCriteriaId": "49F537A0-DC42-4176-B22F-C80D179DD99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09A6345C-D813-43BA-B12E-789C80653F86",
"versionEndExcluding": "11.6.6",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56A8A170-44A7-4334-88B0-CB4413E28E53",
"versionEndExcluding": "12.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0743C1B3-D44D-4940-AAF4-25DEFB46AC74",
"versionEndExcluding": "3.7.14",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E28EB81-9BE6-4EC9-AC44-EFA4DDB0233F",
"versionEndExcluding": "3.8.14",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D10062BC-7B79-46C6-9FF5-396AE56F4508",
"versionEndExcluding": "3.9.13",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90CD96D5-4F6E-4733-A8D1-0771156CA2A2",
"versionEndExcluding": "3.10.5",
"versionStartIncluding": "3.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5048A61-025A-46D4-AA1D-17C20FD193C0",
"versionEndExcluding": "10.3.36",
"versionStartIncluding": "10.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76F49D8B-E293-475B-A190-E55F2586EB74",
"versionEndExcluding": "10.4.26",
"versionStartIncluding": "10.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "144984F5-B5E4-4890-B84C-0BD4EBD1A575",
"versionEndExcluding": "10.5.17",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9397E948-E3C7-4AE0-AB59-D8DF6DC0F85A",
"versionEndExcluding": "10.6.9",
"versionStartIncluding": "10.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E60C79C-A7E6-4AEF-AD29-38BC63149C60",
"versionEndExcluding": "10.7.5",
"versionStartIncluding": "10.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9F7573-E888-42B6-8B57-CAF26300CC16",
"versionEndExcluding": "10.8.4",
"versionStartIncluding": "10.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD7E579-DE84-4D5D-A959-AC4C959A7020",
"versionEndExcluding": "10.9.2",
"versionStartIncluding": "10.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D",
"versionEndIncluding": "11.70.2",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A75847-54F1-453A-82D7-B6D2CB2DE7AA",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC3EE40-4398-4337-B40E-8AACDF225BBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E00E02E5-109C-44E7-8C20-BFEE7C739ADC",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BC85A6-386C-43E9-9266-50F8C53C7362",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
"matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
"matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
"matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goto:gotoassist:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7FB2D7-6D53-4D9C-865A-4DFC8BC82218",
"versionEndExcluding": "11.9.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches."
},
{
"lang": "es",
"value": "zlib versiones anteriores a 1.2.12 permite la corrupci\u00f3n de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes"
}
],
"id": "CVE-2018-25032",
"lastModified": "2025-05-06T15:15:54.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-03-25T09:15:08.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/26/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/madler/zlib/issues/605"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-42"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0009/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5111"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/03/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/madler/zlib/issues/605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/03/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/03/28/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7172A3FD-611E-40CA-A6DD-349C9DDAC17A",
"versionEndExcluding": "4.4.262",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB1DB0-B588-4D26-89CB-F67E73EDA007",
"versionEndExcluding": "4.9.262",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "712E1CC6-B087-4811-8513-30A6E6DFAEBB",
"versionEndExcluding": "4.14.192",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "924A83F4-1C2A-4B17-8E73-A155635FC9EA",
"versionEndExcluding": "4.19.137",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC19B2E4-2B1F-44F3-9944-91396EAC744D",
"versionEndExcluding": "5.3.9",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF71C49-ADEF-4EE2-802C-6159ADD51355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*",
"matchCriteriaId": "24377899-5389-4BDC-AC82-0E4186F4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*",
"matchCriteriaId": "23FE83DE-AE7C-4313-88E3-886110C31302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*",
"matchCriteriaId": "490B327B-AC20-419B-BB76-8AB6971304BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA74E8B-51E2-4A7C-8A98-0583D31134A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B64AB37-A1D9-4163-A51B-4C780361F1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE9C9D7-9CED-4184-A190-1024A6FB8C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*",
"matchCriteriaId": "B73D4C3C-A511-4E14-B19F-91F561ACB1B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*",
"matchCriteriaId": "039C3790-5AA2-4895-AEAE-CC84A71DB907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4592238-D1F2-43D6-9BAB-2F63ECF9C965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA78068-80E9-4E49-9056-88EAB7E3682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*",
"matchCriteriaId": "092F366C-E8B0-4BE5-B106-0B7A73B08D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7992E92-B159-4810-B895-01A9B944058A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66EEA3CA-8CC7-4F0B-8204-6132D4114873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7C6010-F736-4BDA-9E3B-C4370BBFA149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3."
},
{
"lang": "es",
"value": "Una p\u00e9rdida de memoria en la funci\u00f3n adis_update_scan_mode_burst() en el archivo drivers/iio/imu/adis_buffer.c en el kernel de Linux versiones anteriores a 5.3.9, permite a atacantes causar una denegaci\u00f3n de servicio (consumo de memoria), tambi\u00e9n se conoce como CID-9c0530e898f3."
}
],
"id": "CVE-2019-19061",
"lastModified": "2024-11-21T04:34:06.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-18T06:15:12.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4208-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4526-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-15 20:15
Modified
2025-06-23 19:11
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2024.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241018-0008/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| oracle | graalvm | 20.3.15 | |
| oracle | graalvm | 21.3.11 | |
| oracle | graalvm_for_jdk | 17.0.12 | |
| oracle | graalvm_for_jdk | 21.0.4 | |
| oracle | graalvm_for_jdk | 23 | |
| oracle | jdk | 23 | |
| oracle | jre | 23 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "93A899CF-69C5-46A3-BE20-E9F128FB079E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "44A007AC-88D1-4F18-B1AD-C69600AD643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDE5C6D-036C-42FC-BD31-366175914F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4162209C-031A-4AD9-9F19-445236332DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD0AB0E-208D-4856-9F31-3A4BB5213FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:23:*:*:*:*:*:*:*",
"matchCriteriaId": "9137A4EB-820C-4F05-983A-5534CFB0E019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:23:*:*:*:*:*:*:*",
"matchCriteriaId": "5792796D-D244-4382-8DE2-30359F5CD9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Compiler). Las versiones compatibles afectadas son Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 y 21.3.11. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede explotar mediante el uso de API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start o subprogramas Java en entornos aislados, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno aislado de Java para su seguridad. Puntuaci\u00f3n base CVSS 3.1 3.7 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2024-21211",
"lastModified": "2025-06-23T19:11:06.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2024-10-15T20:15:10.050",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20241018-0008/"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 15:15
Modified
2024-11-21 05:27
Severity ?
Summary
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1911691 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1911691 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF09EA1-994B-4950-B853-1FB4F936A162",
"versionEndExcluding": "2.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "390BCCEF-BD91-426B-B89C-D9371A02FA9C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability."
},
{
"lang": "es",
"value": "Se presenta un fallo en bfd_pef_parse_function_stubs de bfd/pef.c en binutils en versiones anteriores a la 2.34 que podr\u00eda permitir a un atacante que sea capaz de enviar un archivo crafteado para ser procesado por objdump causar una desviaci\u00f3n de puntero NULL. La mayor amenaza de este defecto es la disponibilidad de la aplicaci\u00f3n"
}
],
"id": "CVE-2020-35507",
"lastModified": "2024-11-21T05:27:27.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T15:15:15.200",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-11 05:15
Modified
2024-11-21 06:58
Severity ?
Summary
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3398EE-92F2-4D11-AE56-12A63F3AF811",
"versionEndExcluding": "5.4.196",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29E8F4A8-0245-410B-A451-FF3789D4811C",
"versionEndExcluding": "5.10.117",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DADAACF4-4A4D-4391-BC86-006141B25D65",
"versionEndExcluding": "5.15.41",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBA66E-0244-4621-966B-9790AF1EEB00",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state."
},
{
"lang": "es",
"value": "El subsistema SUNRPC en el kernel de Linux versiones hasta 5.17.2, puede llamar a xs_xprt_free antes de asegurarse de que los sockets est\u00e1n en el estado deseado"
}
],
"id": "CVE-2022-28893",
"lastModified": "2024-11-21T06:58:09.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T05:15:07.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220526-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-04 13:29
Modified
2025-05-06 15:15
Severity ?
5.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
"matchCriteriaId": "CD028C10-FD07-4206-A732-CCAC1B6D043D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*",
"matchCriteriaId": "704FAA50-1B7D-4917-AC4A-4C58785340F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6B95D3-75BD-4826-BFBE-9701CC0FF052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*",
"matchCriteriaId": "F66E31A6-EA01-40C8-8718-CE2C1F45EEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBE3B05-2063-49DE-A1D3-9D0A62E0CF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*",
"matchCriteriaId": "022F2CBE-EFB1-4962-AC91-D25AAB057DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*",
"matchCriteriaId": "69C05CD9-551B-46EE-85F8-D18FF878FE8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCCB5A5-20E3-4EC5-956C-EA7C0F33A026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*",
"matchCriteriaId": "3C38C609-242E-4923-A81F-DAFBE7B6A927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEB08B5-7CBA-479A-A41B-FD8A6D9E0875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*",
"matchCriteriaId": "A8C4FDD7-F2EC-4EDB-ACC9-3D6B9152C855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*",
"matchCriteriaId": "8E51DD0B-1EED-4BE9-B0A7-BE2E91CCA84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AC7C56-2205-4121-99E2-001A7488E0FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*",
"matchCriteriaId": "A1677313-FF8F-493B-9DA3-C78F87581A17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2A3CCE-FA57-43B5-B7DE-CFD0CC2ECD7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*",
"matchCriteriaId": "85CA4444-5103-4451-8A7C-F6BBE714BBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1EB745-46D7-4088-93C6-E7156520B144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
"matchCriteriaId": "A93010C0-33B3-438F-94F6-8DA7A9D7B451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
"matchCriteriaId": "2A988A78-6B3D-4599-A85C-42B4A294D86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
"matchCriteriaId": "246AA1B0-B6C8-406B-817D-26113DC63858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
"matchCriteriaId": "00EE5B42-FF05-447C-BACC-0E650E773E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
"matchCriteriaId": "B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F0E3C4-7E9B-435F-907E-4BF4F12AF314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
"matchCriteriaId": "5D616C72-0863-478C-9E87-3963C83B87E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
"matchCriteriaId": "CC333B0D-3A0E-4629-8016-68C060343874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
"matchCriteriaId": "6655535C-FF64-4F9E-8168-253AABCC4F5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD68F3F-7E38-40B9-A20B-B9BB45E8D042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
"matchCriteriaId": "1EACEF19-83BC-4579-9274-BE367F914432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
"matchCriteriaId": "24128A7F-2B0B-4923-BA9E-9F5093D29423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
"matchCriteriaId": "0990DD71-9E83-499D-9DAF-A466CF896CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7FEDEF-9772-4FB1-9261-020487A795AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7B0F72-DEDF-40C4-887C-83725C52C92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
"matchCriteriaId": "9568C222-9816-4520-B01C-C1DC2A79002D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
"matchCriteriaId": "53A1F23D-7226-4479-B51F-36376CC80B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*",
"matchCriteriaId": "BAB245C8-9918-41A0-9DFB-A11E4185C87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*",
"matchCriteriaId": "9990DD08-BD81-4BFA-B3D4-0DECBF8CCC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*",
"matchCriteriaId": "F752A3C8-18ED-4765-B6EC-C664154EB701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F31C3F-7C0D-4D95-B4B9-89FD38076913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEEE36E-E735-4A33-80B7-9407D072F6BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB3D3DE-21BE-40C7-A510-AC97C92390DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9A9545-38A3-460D-AB1A-8B03BEB405A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*",
"matchCriteriaId": "1860D932-777D-41F2-94A2-D14AB1494AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*",
"matchCriteriaId": "75165A10-2FD5-4370-814C-B60FDE339AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-e3930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "454AC633-5F1C-47BB-8FA7-91A5C29A1DD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-e3940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2394E8C-58D9-480B-87A7-A41CD7697FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x7-e3950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9AC02B-D3AE-4FAF-836E-55515186A462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
"matchCriteriaId": "65AAC7A7-77CA-4C6C-BD96-92A253512F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD16C07-0050-495A-8722-7AC46F5920F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
"matchCriteriaId": "01423706-C82C-4457-9638-1A2380DE3826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
"matchCriteriaId": "A881E2D3-A668-465F-862B-F8C145BD5E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
"matchCriteriaId": "6602DD69-E59A-417D-B19F-CA16B01E652C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
"matchCriteriaId": "05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
"matchCriteriaId": "40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
"matchCriteriaId": "ED96AC16-12CC-43F6-ACC8-009A06CDD8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE9DC29-C192-4553-AF29-D39290976F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
"matchCriteriaId": "F625E647-B47E-404C-9C5B-72F3EB1C46F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
"matchCriteriaId": "B5878612-9825-4737-85A5-8227BA97CBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
"matchCriteriaId": "F453D348-28CE-402B-9D40-A29436A24ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
"matchCriteriaId": "36322F4B-83D7-468A-BB34-1C03729E9BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A2A50E-94FA-44E9-A45D-3016750CFBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
"matchCriteriaId": "5625CAD8-4A62-4747-B6D9-90E56F09B731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
"matchCriteriaId": "43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
"matchCriteriaId": "78DE1A01-3AEF-41E6-97EE-CB93429C4A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
"matchCriteriaId": "410184AF-B932-4AC9-984F-73FD58BB4CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
"matchCriteriaId": "B265F073-9E0A-4CA0-8296-AB52DEB1C323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
"matchCriteriaId": "3F664223-1CBC-4D8A-921B-F03AACA6672B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
"matchCriteriaId": "987A8470-08BA-45DE-8EC0-CD2B4451EECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBC9542-FB77-4769-BF67-D42829703920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
"matchCriteriaId": "74FDC18B-4662-422E-A86A-48FE821C056F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*",
"matchCriteriaId": "78E4461B-72F8-4F3D-A405-4AFA99EC8A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*",
"matchCriteriaId": "663DDC1C-E48A-4E84-A6CC-B46FC45D6A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEEC75B-10CE-4B7E-BA5F-6D661EC07FFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*",
"matchCriteriaId": "DAEDED56-9387-4DAC-BF52-C32ECCB7D407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*",
"matchCriteriaId": "FA13F31C-BBD9-48C7-8499-92D0B5CA8CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*",
"matchCriteriaId": "E57A9B28-734B-401D-B24C-A295F364D8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*",
"matchCriteriaId": "F02289DF-4A02-4602-89B7-E9148236EE1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
"matchCriteriaId": "723E7155-493D-4B5A-99E2-AB261838190E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
"matchCriteriaId": "82E37264-E4BA-4D9D-92E7-56DE6B5F918F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
"matchCriteriaId": "8704BE6D-2857-4328-9298-E0273376F2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*",
"matchCriteriaId": "731F1E65-1D53-443B-8E2F-8AF11191AFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*",
"matchCriteriaId": "02A83822-822D-4A4D-B29B-A5BE6367A7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C32738-F08E-469C-8DE0-2708F30574A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*",
"matchCriteriaId": "B292187E-8EAD-49D2-B469-B14CA0656035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D131E1-24C1-48CF-B3DD-46B09A718FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*",
"matchCriteriaId": "0ABF1231-73CF-4D1B-860C-E76CD26A645E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F88E38-4EC4-41DB-A59D-800997440C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*",
"matchCriteriaId": "32FD6647-4101-4B36-9A9A-F70C29997148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*",
"matchCriteriaId": "D248D668-A895-43B3-ADEF-1B22EE7DC76E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*",
"matchCriteriaId": "858411B5-E904-45FA-8B33-5CC73B915B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB9336C-C893-4AB0-9402-868CE9960058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*",
"matchCriteriaId": "A4695F94-7AAE-4219-9EF6-CE6D0838192D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7A0991-73F0-410D-855C-BFC88A66E61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF5CF9A-B3F2-4686-B933-7DB13AD2CF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*",
"matchCriteriaId": "9858EAC3-C1CE-449B-A605-FFA337DA825D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A8F905-A4C6-4EC6-B9E8-800948350B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*",
"matchCriteriaId": "565B48E3-1406-4E3C-B4A5-35865C5614E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*",
"matchCriteriaId": "46B6C4D7-B0A2-4DF1-B8DE-19C806D5FABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB82A90-C0BC-4BA8-88CA-4967BC3A4A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*",
"matchCriteriaId": "191A094B-E354-4767-AD43-87CE140BF851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
"matchCriteriaId": "C1289B9E-5725-42EF-8848-F545421A29E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*",
"matchCriteriaId": "238A21CB-F8C5-468B-B523-6D014E2EA8AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC52CDD-614D-4EA0-8DA8-D71189C42E8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*",
"matchCriteriaId": "A4229DB2-8BBC-49F8-87A8-2E7D56EFD310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBA7322-4D95-4E70-B6A5-E0D8F1B5D7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E91F46-D950-4894-BACF-05A70C7C6F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*",
"matchCriteriaId": "0E12B40B-5221-48A6-B2A6-D44CD5636BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCB77C9-ABE3-44A0-B377-7D7035E8A11F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*",
"matchCriteriaId": "D06639F5-5EE8-44F4-B48A-5694383154DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9662C9-59D3-4B3E-A4DA-4F1EE16FC94B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*",
"matchCriteriaId": "637C3687-FBCC-41A0-BFE6-823BAE45FB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*",
"matchCriteriaId": "2350A197-193F-4B22-80E8-3275C97C78EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*",
"matchCriteriaId": "734C7A7E-ACCA-4B34-BF38-0FAED988CC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9ABAFC-B3B5-449D-A48E-2E978563EDE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*",
"matchCriteriaId": "99019EA0-6576-4CE7-B60A-975D418AA917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*",
"matchCriteriaId": "8E846AEF-751D-40AD-84B5-EFDC9CF23E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9DD909-B2AC-46BA-B057-D239D0773CAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*",
"matchCriteriaId": "54F5C355-FDFC-4E71-93AA-218389EF10E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A1CA1E-971D-4F67-864E-2E772C1E736B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5F8391-D974-49AC-8550-ADB3FA6C0535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*",
"matchCriteriaId": "8302BF58-9E54-40DA-BCFE-59CA52C460D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*",
"matchCriteriaId": "ECCDE9EF-037B-4650-8131-4D57BE141277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*",
"matchCriteriaId": "47BA9DA8-F690-4E3C-AEF6-6A5C7BAA6F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8253DA-9A04-40D6-84C1-C682B4023D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF6D175-85C3-4C72-AD9F-31B47EF43154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5FC594-2092-4240-9538-235BBE236DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*",
"matchCriteriaId": "87D95F00-EA89-4FDE-991C-56636B8E0331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*",
"matchCriteriaId": "32C40D38-F7F2-4A48-ADAA-6A8BBD6A1A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*",
"matchCriteriaId": "4158561F-8270-42D1-91D8-E063CE7F5505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0DEA96-0202-41EB-BDC3-24E2FC4415B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BACE1C-5D66-4FBC-8F86-30215A623A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*",
"matchCriteriaId": "CF707146-0D64-4F3A-AE22-956EA1CB32B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*",
"matchCriteriaId": "8118C3F9-0853-4E87-9E65-86E1398B2780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*",
"matchCriteriaId": "1A298501-C4D7-48D4-90F9-15AFA59DED48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE1B07B-3D92-4D2D-8667-D902F002277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*",
"matchCriteriaId": "8F05CB19-1059-4C4D-BFD7-9F51A22A4F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*",
"matchCriteriaId": "5588732F-7F1A-4C24-B35F-30532107FFDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*",
"matchCriteriaId": "A127DD5D-426D-4F24-A8C5-DC9DAC94B91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*",
"matchCriteriaId": "26EE0BBD-3982-4B0F-82F6-D58E077C75DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEEC918-EA25-4B38-B5C3-85899D3EBE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*",
"matchCriteriaId": "813965F4-3BDA-4478-8E6A-0FD52723B764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5EA2F4-F3EF-4305-B1A1-92F636ED688F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*",
"matchCriteriaId": "04384319-EE8C-45B4-8BDD-414502E7C02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*",
"matchCriteriaId": "C52528CE-4F31-4E5F-8255-E576B20F3043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C3F422-F865-4160-AA24-1DAFAE63729C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*",
"matchCriteriaId": "5D034E7F-4D17-49D7-BDB2-90CB4C709B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*",
"matchCriteriaId": "3C18E6B4-E947-403B-80FB-7095420D482B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*",
"matchCriteriaId": "2814CC9F-E027-4C5A-93AF-84EA445E6C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*",
"matchCriteriaId": "24A470C3-AAAA-4A6E-B738-FEB69DB78B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*",
"matchCriteriaId": "A1236944-4942-40E4-9BA1-029FEAE94BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*",
"matchCriteriaId": "086CAB4B-A10A-4165-BC33-33CADCD23C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A6A1EB-B3AB-4CB4-827E-CCAAD783F8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFB6B30-BFB0-4397-9E16-37D1A772E639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCB9D7B-7D0A-435D-8499-C16BE09E19FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*",
"matchCriteriaId": "64277594-9713-436B-8056-542CFA9F4CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*",
"matchCriteriaId": "589BB170-7CBA-4F28-99E3-9242B62E2918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*",
"matchCriteriaId": "91B9C4D9-DA09-4377-9DCD-225857BD9FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*",
"matchCriteriaId": "03D0265F-840B-45A1-90BD-9ED8846A9F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*",
"matchCriteriaId": "74BAC0EC-2B38-4553-A399-4BD5483C4753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*",
"matchCriteriaId": "4477EBA6-F0A7-452B-96E8-BA788370CCA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*",
"matchCriteriaId": "1285D817-B5B8-4940-925D-FCDD24810AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*",
"matchCriteriaId": "D289F7B4-27CD-4433-BB45-06AF98A59B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*",
"matchCriteriaId": "00168903-6012-4414-87D1-2EE52AA6D78E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE8D524-577E-4994-8A4B-D15022C84D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*",
"matchCriteriaId": "75977B0B-C44D-43BC-8D7A-AF966CDB1901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7F5D52-9F41-49A4-B941-E0D777203FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*",
"matchCriteriaId": "52B5B3FD-5BEA-4DE8-B010-55FED1547167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*",
"matchCriteriaId": "167B1B04-5823-4038-A019-3975A3B447C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*",
"matchCriteriaId": "F6C7A4EA-0B5E-47CD-8924-3B1B60EB4BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA096E0-5480-47CB-822B-D11D7E20F69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*",
"matchCriteriaId": "30357469-0B8F-4385-A282-2F50181EA442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE70772-7796-4594-880A-6AAD046E4D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9E2F8D-2974-4833-9EC2-233CEE257C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*",
"matchCriteriaId": "17EE3078-454F-48F8-B201-3847DB40D5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*",
"matchCriteriaId": "EE32C500-55C2-41A7-8621-14EBF793BF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*",
"matchCriteriaId": "52D3DF52-501A-4656-98F1-8DD51D04F31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA603AD-6CF1-44B2-876D-6F1C0B7EF2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*",
"matchCriteriaId": "09578301-CF39-4C24-951A-535743E277EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4D14AA-7DBF-4B73-BDEF-6248EF5C0F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*",
"matchCriteriaId": "5A65F303-96C8-4884-8D6F-F439B86BA30C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*",
"matchCriteriaId": "1E046105-9DF5-425F-A97E-16081D54613C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*",
"matchCriteriaId": "B2987BCF-39E6-49B6-8DEE-963A38F12B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEDE2B7-9AA2-4A14-8A02-9A2BFF0DDCBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD92AD8-033A-4AAD-91E5-CB446CCE9732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*",
"matchCriteriaId": "77E0E73A-F1B4-4E70-B9F1-EE97785B8891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*",
"matchCriteriaId": "61D6E3CC-79B1-4995-9A76-41683C7F254A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CEB2B1-BD1A-4B89-8E03-4F90F04A0F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE5773D-3CD1-4E63-8983-E0105C46D185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7C307A-6576-4A0A-8F4E-0981C9EE2901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*",
"matchCriteriaId": "18B3A53B-902C-46A5-8CE7-B55102703278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*",
"matchCriteriaId": "AB843479-729A-4E58-8027-0FC586F051AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF5A233-1E77-49FD-AC2C-60D185481E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*",
"matchCriteriaId": "18519CF2-B0DA-42DD-8A3E-9084298C210A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*",
"matchCriteriaId": "329D5FCF-7EC5-4471-906B-3619A180BD52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD43EAA-F3A5-4748-9187-A6E6707ACD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F3C14D-4BFC-4205-8781-95E6B28C83C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*",
"matchCriteriaId": "20942AD8-ADB7-4A50-BDBE-DB36249F4F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*",
"matchCriteriaId": "1EC6ED02-134B-4322-AB72-75A0AB22701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA74EEE-54CC-4F80-B1D3-99F7771335ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B859F7-0373-4ADD-92B3-0FAB42FCF23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC76F31-00A5-4719-AA50-92F773919B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*",
"matchCriteriaId": "49996F5A-51B2-4D4E-AE04-E98E093A76CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8406B0-D1E5-4633-B17E-53DC99FE7622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*",
"matchCriteriaId": "3D49435C-7C33-454B-9F43-9C10F28A28A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*",
"matchCriteriaId": "D17E1A0F-1150-4899-81BC-BE84E4EF5FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*",
"matchCriteriaId": "EADD98AE-BAB0-440D-AB9F-2D76BE5109E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*",
"matchCriteriaId": "ED44A404-8548-4EDC-8928-4094D05A6A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*",
"matchCriteriaId": "3A6E4AA3-BEBC-4B14-9A52-A8F8B2954D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*",
"matchCriteriaId": "D2AAD8F0-0D31-4806-8A88-A30E5BE43630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*",
"matchCriteriaId": "8164EE5F-6ABA-4365-8718-2F98C2E57A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*",
"matchCriteriaId": "C7110AF9-A407-4EE2-9C46-E5F1E3638E9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*",
"matchCriteriaId": "2A06696D-37F0-427D-BFC5-1606E7441C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F8A5FC-5EFE-42EC-A49B-D3A312FB5F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*",
"matchCriteriaId": "68A76015-0A05-4EC7-B136-DC13B55D881F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*",
"matchCriteriaId": "C352DCE8-E8D9-40D3-AFE9-B5FB84F7ED33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*",
"matchCriteriaId": "54464F6C-9B2D-46BA-AC44-506389F3EE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA11017-EA58-45EE-8408-FCCCF7183643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5098A5-E4E8-47E4-8CD0-F607FF0C0C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*",
"matchCriteriaId": "442AD778-D56F-4C30-BBF8-749D6AAC4737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7D3F31-AF4D-4C50-8590-A763AAC7AF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*",
"matchCriteriaId": "445BFC2E-38FA-4130-8550-0866EC4EDA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DC2746-CE41-40C9-8CFA-23231BBCAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3A8976-5E4D-490A-A87D-A47D1B2B903C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8535E6-220E-4747-8992-45B6EAFC555C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*",
"matchCriteriaId": "C7479B49-F484-4DF2-86CB-E52EE89FA238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D68512-746D-4E95-857B-13A0B6313C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*",
"matchCriteriaId": "4312BA84-F9A0-4BD4-8438-058E1E7D6C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*",
"matchCriteriaId": "60E52DF5-C713-4BC4-B587-FF6BDA8509CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*",
"matchCriteriaId": "304ADCAC-9E49-42BD-BC92-58D9B2AD52E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB02172-B9A7-4801-88F2-98BF5843184A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*",
"matchCriteriaId": "5141380E-BD18-47C1-A84C-384BA821773D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE6C49E-2359-4E44-9979-7D34F8460E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*",
"matchCriteriaId": "C004B75F-37AF-4E61-98F3-1B09A7062DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*",
"matchCriteriaId": "F7126D19-C6D9-43CB-8809-647B1A20E7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC98503-A80A-4114-8BF2-E016659BE84E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*",
"matchCriteriaId": "01E6F4A7-24BE-4AA0-9CDD-84FBC56FE9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*",
"matchCriteriaId": "3821412D-B010-49C4-A7B4-6C5FB6C603B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*",
"matchCriteriaId": "A34CA5CC-9EB1-4063-8B9D-3F566C1EFF76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*",
"matchCriteriaId": "5CEB5D2D-FF54-4BDB-9E9C-8C1B2719FC9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD5B51A-AEA0-4DA2-BA60-94A2D5605352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*",
"matchCriteriaId": "F96C6CA0-434D-428F-B629-A971C2937628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*",
"matchCriteriaId": "301AB72A-A6F2-42C8-A931-94EF2271443F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*",
"matchCriteriaId": "59414B5A-05B8-49AF-A197-2A31729DDB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFDD380-692F-41D7-996F-F97FC74DC7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*",
"matchCriteriaId": "49602828-2BFC-4571-9F05-6210FD263DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*",
"matchCriteriaId": "87E03978-E16D-4A9B-8AE7-9F4F1171C14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*",
"matchCriteriaId": "03096A9A-5758-47E6-81E2-BCFE847C41F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*",
"matchCriteriaId": "150CC865-7975-45EC-BFF7-A94146442BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*",
"matchCriteriaId": "C8FA1308-589B-432B-80F9-9A499D083ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED2453E-30E1-4620-BEC5-21B0083449E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE8DD05-D700-4F89-9B01-D489029DF7A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*",
"matchCriteriaId": "050957CA-6191-4F9F-9D07-48B342B3B1B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*",
"matchCriteriaId": "DACBF998-8B11-45C7-9017-486AED4FAE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F2F3C4-FC94-414A-A208-913A43D57D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*",
"matchCriteriaId": "641152EC-F4B4-4E5E-B396-AC4CAAB805BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*",
"matchCriteriaId": "4911E332-B8BA-4336-A448-3F70D2BBB147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*",
"matchCriteriaId": "330EC403-3174-4543-9BBE-CEC0ABC1575D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF585D0-507E-491E-9C3B-78EE26F2F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*",
"matchCriteriaId": "DD00F7C6-6762-4DC9-9F6C-5EAC4ACB1C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5D885A-85C4-4A11-B061-61EFF6B6E329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*",
"matchCriteriaId": "0502B59F-933C-4E25-A2EC-9296B197E139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*",
"matchCriteriaId": "99D9C0A9-2DFF-4760-8FED-AC2DA7968E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A1BAEC-18BF-4607-BFB7-48102E75186A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*",
"matchCriteriaId": "D49ED138-F42D-4451-A350-0B2DD5AB9444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED91472-90FC-4AC8-96D5-1550A8502411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*",
"matchCriteriaId": "57CEEFA6-CEED-4CA3-8DDC-B6601D69FB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD25ECD-0605-4CD7-9DC5-294ACD7EF1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*",
"matchCriteriaId": "2784E2AF-A5E5-4960-830C-B3EFB84043D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*",
"matchCriteriaId": "9112FA50-5527-4B20-80F5-2DE9E66D09F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*",
"matchCriteriaId": "73CE4E2E-B2BF-409E-B18C-D67DA810FE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B84D67-0B1D-4B74-BC85-AF8F933D8429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA05A18-1523-4EED-9D2E-0A258A33F24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*",
"matchCriteriaId": "C34E70EB-92F0-43F6-8883-FE422BE1A3FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*",
"matchCriteriaId": "78D301F1-20C2-4756-9A90-37F14835CE14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EEC8B5-1CAB-4FBE-BBA2-D2FFA3EF9489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*",
"matchCriteriaId": "BA63B803-4D48-42E8-A793-F92ABCB8BFC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*",
"matchCriteriaId": "129DB9CB-E878-4856-A954-15FFE1428636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*",
"matchCriteriaId": "730DB4AA-FD7D-40C6-8D7F-19937832EF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*",
"matchCriteriaId": "07E86978-4820-422A-8C7C-FF0697DAED05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A9DB5-F544-4FD8-A9CC-0BD6257516AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*",
"matchCriteriaId": "AF813AD9-D296-4915-861C-8DE929E45FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*",
"matchCriteriaId": "04A65469-083F-40B5-86C5-A2EAE5B2F00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1AA82E-BD86-40F5-B417-71DF6AF53A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*",
"matchCriteriaId": "B71A6DB0-5EB0-4712-8480-CF427F521D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*",
"matchCriteriaId": "8223D5A1-ADF1-43C6-AF91-EE5C413BCB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD69605-F52B-4623-921A-983A5A408ECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D5685F-6FFE-4A6A-9FF8-940C8DA36499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*",
"matchCriteriaId": "B94062D9-8DDA-4B4A-B3B5-07F71F5B97E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*",
"matchCriteriaId": "3832D0A6-419D-4876-B5C4-920578F713F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*",
"matchCriteriaId": "E1AA5C8A-83A8-4F96-9D7C-7A50ADDB2341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*",
"matchCriteriaId": "404E38E6-9EB3-41D0-97A7-DC579688BFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*",
"matchCriteriaId": "40E4A921-AB28-47B7-B5A3-EB82193D15BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*",
"matchCriteriaId": "B0357E48-2300-47B4-B9E5-9FE813A2FC09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*",
"matchCriteriaId": "96CC28B6-57D1-4919-AA55-A262CC16AFE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB4C54D-1265-425A-B507-E1099844875A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*",
"matchCriteriaId": "97362147-3A71-430D-9064-4435D45C3B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*",
"matchCriteriaId": "89212CF3-4E99-4389-94CE-F4211DDCA01B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*",
"matchCriteriaId": "FBEA4DA3-0AFB-4FCE-92DB-5B316775BB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*",
"matchCriteriaId": "611C0A0A-1FA3-42F9-82E8-BFCB71A077DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*",
"matchCriteriaId": "36F027D9-DCB4-4A3D-8987-41F2941DBD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*",
"matchCriteriaId": "E23BCEC9-2BFB-4B41-9A7A-18B1347C6202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*",
"matchCriteriaId": "4924CE39-A846-4DB4-9547-6322FC5AD6B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9E2C9A-94A1-456B-90D5-54932DF64C22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*",
"matchCriteriaId": "AC04C652-B2D8-4002-A50E-8AFE83204A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*",
"matchCriteriaId": "10D413F0-CDBC-4A63-B9A7-9E7725BA1E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*",
"matchCriteriaId": "754A8826-59F7-4A71-B74B-737BE9C7DE4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*",
"matchCriteriaId": "FADB6BDA-6825-489B-AB39-7729BA45DFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*",
"matchCriteriaId": "7913F57E-E600-4767-AF51-D045E1898E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3783F4-5A05-45AA-9791-A681011FD78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*",
"matchCriteriaId": "01E3114D-31D2-4DBF-A664-F4049D8B6266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EE6578-981D-470C-BB24-4960B3CB1478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*",
"matchCriteriaId": "E3320D50-C5C9-4D75-BF1A-5BB7BCBFE2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE59839-8EB9-47FE-88E2-F0D54BE787A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*",
"matchCriteriaId": "75694A3D-080A-4AA7-97DF-5A5833C9D9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*",
"matchCriteriaId": "19C5E27D-BBAB-4395-8FC6-8E3D4FB9A1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*",
"matchCriteriaId": "6E996176-3DEA-46E6-93B7-9C0DF32B59D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*",
"matchCriteriaId": "4417007D-126A-478B-87EA-039D088A4515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*",
"matchCriteriaId": "F78C2825-F6A3-4188-9D25-59EAEC8A7B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*",
"matchCriteriaId": "EF2FA85D-B117-410D-B247-8C5A3479319A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*",
"matchCriteriaId": "3A041D27-132C-4B15-976F-1750C039A89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*",
"matchCriteriaId": "5D495E06-BF2B-4C5A-881D-94C93CD2BA2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*",
"matchCriteriaId": "7C31DFB8-8D8C-47D6-AAFF-BAE829A3D965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*",
"matchCriteriaId": "088BC395-06D5-4156-85EB-63C4A9552898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*",
"matchCriteriaId": "33A220A2-A6D2-46A7-B168-607400EEDCE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*",
"matchCriteriaId": "1E79232F-7196-440B-82D4-165885251232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*",
"matchCriteriaId": "ED866954-77AB-4CA8-8AED-4252C595FC4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*",
"matchCriteriaId": "28A1F516-B180-45D4-8EB1-754B7497CB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*",
"matchCriteriaId": "36758A04-64D3-4150-A004-CF042FA31CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*",
"matchCriteriaId": "1E01752E-F1DD-400A-A917-216CAF15B0F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*",
"matchCriteriaId": "AD47EC58-F776-4F59-8F15-4B208904CF4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3781F4-2123-4FA1-8AF5-D0D1E6C1A5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*",
"matchCriteriaId": "94565E35-8A58-4CB6-A489-C796DCB97FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*",
"matchCriteriaId": "49964D35-5323-4412-BD54-661630F9A8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A37E7D-1BF6-4A2A-BF52-5F0EC4B4F341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F66468-87D0-41FC-934B-5924BE2956CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0F93E1-4607-4DF4-AC6E-4B7254D4A8DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*",
"matchCriteriaId": "45C0D99E-443E-4AB1-A07A-900A09FE177E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D0FD76-C1FB-43D0-8511-FC0BA6DA7960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*",
"matchCriteriaId": "A9DAEE52-09C3-4A09-9958-9D6807B2700B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*",
"matchCriteriaId": "B97690D4-E814-4D40-B170-BE56D7AE2C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*",
"matchCriteriaId": "89804F2C-D32D-4444-ABEA-5B241153D096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*",
"matchCriteriaId": "2AAAAF9C-B29B-4020-BAFF-C87B1A08294A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE60E1E-AB8D-46E4-A779-A54F2D20B5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*",
"matchCriteriaId": "EB958A28-7C9A-4BD0-B002-4E1A65CDB0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*",
"matchCriteriaId": "7C27B318-2AC1-423D-B0C8-583BB1800D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*",
"matchCriteriaId": "9E58E3D0-1154-4B13-BA16-67CE67DF0637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*",
"matchCriteriaId": "32D2ACB3-B906-4944-A021-03C4645965BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFF834A-D7F0-4E48-AD3D-DD0BCE6DEC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1A41BA-A1D6-484A-BAD2-68DF85598354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*",
"matchCriteriaId": "11260C9D-69A9-4D81-9CCF-2E116DD75F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*",
"matchCriteriaId": "1C020F06-FD27-46E3-A48F-3F60F33BB969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*",
"matchCriteriaId": "03C74F10-6A7F-4F68-8A34-E981E1760DE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*",
"matchCriteriaId": "24741B98-8D0E-4307-AAEF-A14B2531DCA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4FA4BA-4304-4A70-9F86-120F2A3D8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*",
"matchCriteriaId": "367FC8BA-F046-4264-A049-49E933E7698F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9B68D3-1DFB-4468-85C4-AC13E6CBC111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*",
"matchCriteriaId": "C966A016-B650-44D9-B8C4-1ED50AB318DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*",
"matchCriteriaId": "DC448FF0-6D3F-4609-864B-4191905EE2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC246FE-4CA6-4B2D-83C3-D50A386C24A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*",
"matchCriteriaId": "758A14DB-1BAF-442A-BA7C-5E9C67847BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*",
"matchCriteriaId": "61309100-CFA7-4607-A236-8910838AA057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*",
"matchCriteriaId": "82D76265-7BD0-4C51-AE77-22B22524DE81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38B195-BB8D-4747-881D-E8033760B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*",
"matchCriteriaId": "1AA8BE76-168D-48A3-8DF6-E91F44600408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*",
"matchCriteriaId": "3B656975-5D71-4712-9820-BDB7BC248AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*",
"matchCriteriaId": "FA045267-114D-4587-B6D7-E273C28DC9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*",
"matchCriteriaId": "77018415-E122-406E-896D-1BC6CF790BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADF37F1-546B-4EF0-8DEC-DC3B9F5309FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*",
"matchCriteriaId": "D7469256-1A64-46FF-8F5A-A8E9E3CF5BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*",
"matchCriteriaId": "7F9069B9-9FE3-4AD5-9A8E-55C0F73BD756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E1C012-3E05-44DB-B6D2-BFD619C034B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*",
"matchCriteriaId": "15D689D6-8594-42F2-8EEF-DCAEBA885A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*",
"matchCriteriaId": "A6446000-0494-4DC5-ABAA-F20A44546068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*",
"matchCriteriaId": "99B94EEC-6690-45D0-B086-F4A5B25C25CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*",
"matchCriteriaId": "8B767B6E-B3E6-4424-97A6-89A7E7EB0EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*",
"matchCriteriaId": "832AB3CD-E3A1-4CCB-A210-287973563D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*",
"matchCriteriaId": "5A26C0CC-68AD-40F5-96B8-87E6C643F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*",
"matchCriteriaId": "99C4221A-9994-43B3-9C7A-E13815A50A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*",
"matchCriteriaId": "20070B1D-B91C-40BA-A9D8-E80170A2933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*",
"matchCriteriaId": "A70129C9-371F-4542-A388-C095869E593A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4DE25F-168A-4C67-8B66-09F61F072BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*",
"matchCriteriaId": "58157F24-D89E-4552-8CE6-2F01E98BD1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7FFD78-1E1C-4246-BBD3-73FAC06AA46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*",
"matchCriteriaId": "45ACBBEA-EC95-4F3E-B585-893DB6D21A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEC55DF-1950-45E5-A5F2-B5604AFA1CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A5EC79-1B21-4BB3-8791-73507BC8D4DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB4AFC3-FE30-4F46-ADC1-D03EB14E757D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*",
"matchCriteriaId": "E0387587-AAB6-4284-8516-4DA3E3582D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*",
"matchCriteriaId": "A238C975-9196-449F-9C15-ABB2E9FD1D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*",
"matchCriteriaId": "6F17F4A5-120B-4E00-97C8-8A85841ACBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*",
"matchCriteriaId": "2537F047-64C9-4E73-B82C-310253184183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*",
"matchCriteriaId": "3A55857C-649D-46CE-AEDA-6E553E554FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA4892D-AFDF-4441-821E-5EBF7F64C9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*",
"matchCriteriaId": "327E06A3-7F0E-4498-8811-10C8D15398FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*",
"matchCriteriaId": "1624E6D6-858E-4085-B0B9-362B819EFD88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*",
"matchCriteriaId": "50D61F4A-40F0-477C-8326-7359D3626E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*",
"matchCriteriaId": "1455B4DE-7F1C-4CF2-AE02-2EDD20025D62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*",
"matchCriteriaId": "5B215788-860B-46CD-9A08-43AFF98FAEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*",
"matchCriteriaId": "2B92FAD5-CA6E-48F7-9613-3A4CE90F5F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*",
"matchCriteriaId": "E4EB132B-000C-4A17-AFB3-19F40A73D2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4815AE-B635-4545-83C2-5EC4E0128337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*",
"matchCriteriaId": "C0046C06-E3E6-4674-A4D1-332DD29D9552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*",
"matchCriteriaId": "2C191851-3DC3-41C7-AD89-81F091CCC83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*",
"matchCriteriaId": "21126922-8E81-47F4-82D4-CBCDDACEC4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*",
"matchCriteriaId": "209E18B0-BBB5-4C65-B336-44340F7740DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*",
"matchCriteriaId": "C867C0B8-91A4-482A-B7DD-54AB9599AE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*",
"matchCriteriaId": "30F03843-8A51-4CE1-BE6C-994BDE3A8F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*",
"matchCriteriaId": "09854948-2657-4261-A32A-0523058F072E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*",
"matchCriteriaId": "D13904A5-266D-481C-A42A-734C3823A238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC82FCB-0541-45C4-8B7E-CB612D7F702A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*",
"matchCriteriaId": "6C18BD84-5E9C-4C9E-B0AA-2CEB0D7A58C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5ABC7E-C4E0-4850-A1E6-07EBCF4A87D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*",
"matchCriteriaId": "501E9355-0CDD-4951-BCC3-47962788BCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D976D9-62F0-43C3-8359-E51E26B6CD87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*",
"matchCriteriaId": "02AFBCD0-9B4B-4CA3-8FA9-D8B6ECB24894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*",
"matchCriteriaId": "64ADE9AF-196F-4E0B-BC66-7DE0183F9032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*",
"matchCriteriaId": "C90CCA48-1705-4564-AAF9-271201BD5113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*",
"matchCriteriaId": "0B82BAFF-17F5-465C-8032-67D5ECAB2921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*",
"matchCriteriaId": "1F694FEC-B97D-4BDA-ADFA-751E8BFB7CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*",
"matchCriteriaId": "F831371E-7437-48D7-8281-1F406215041B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4F06B5-615A-464A-A0C4-7AABEE8530CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*",
"matchCriteriaId": "92AF503A-A2B1-4FC3-858B-264049ADF0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*",
"matchCriteriaId": "E702C7EC-B1D9-4BDF-B334-2004CD76B52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*",
"matchCriteriaId": "E39F31D6-DC4B-46FE-BE5D-EA612D915A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*",
"matchCriteriaId": "51CB8036-5F36-4CD4-9B3E-D2401F2E64F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*",
"matchCriteriaId": "F9849BA3-3990-4E30-B99B-ADD043314CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*",
"matchCriteriaId": "A20FB18A-D3DA-4DE9-BEFF-75B7AB9B9A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*",
"matchCriteriaId": "7A67CD6F-5E4F-4E69-A2A9-A4033DCE08EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A22E92-1EA7-45D9-AC86-EC3D9664C294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*",
"matchCriteriaId": "D7FA2911-6561-47BF-BEE8-DDA31642C346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA6CA23-6F2B-44D5-B2DA-4F142BA3E48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*",
"matchCriteriaId": "0F829DED-4D92-401A-BD80-C070DE57FC7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*",
"matchCriteriaId": "F560575C-FD8E-485D-B50A-572604BBE903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED8C51B-AE59-46DC-85F9-6D3B2891CB3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*",
"matchCriteriaId": "1A38D00A-B9DC-44DF-8247-70355FF9A6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*",
"matchCriteriaId": "381EFC43-D5D9-4D10-90BE-4C333A9BA074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*",
"matchCriteriaId": "CBEDED18-2755-4C55-A1A1-04B4D5F40276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*",
"matchCriteriaId": "F04B57EC-0731-40C8-939F-1C686A65A0FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB301FB-EB3E-4F5F-868D-5B66CC7E1E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1D28F9-B135-441B-A9BF-792DD356E374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*",
"matchCriteriaId": "4D01CE3E-5C89-4FC0-9097-CAC483ACD441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*",
"matchCriteriaId": "7BDD55C4-AFCD-4DF2-921C-DDC1D7556DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*",
"matchCriteriaId": "8F52334F-BE6A-4FD4-9F63-AE9BB017115B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C9BCC3-B9A6-4195-BF2F-E7BBCE8DC269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4DFFA7-AA0E-4D7E-97B8-13389FD47D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*",
"matchCriteriaId": "707F6671-57AC-4DF4-8024-444502E5C92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1FCE07-F9E8-4B14-95CE-01784D472128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*",
"matchCriteriaId": "C208711F-FC06-46C8-8849-27054DC1B264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*",
"matchCriteriaId": "25AB8041-F201-4BB3-AAD9-199B06697DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*",
"matchCriteriaId": "D75C474C-D5EF-42D6-9B2A-A504BEFCB982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*",
"matchCriteriaId": "1F566CD3-3649-492B-B0AB-A107E51675B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9F3D74-AE72-4FC5-83E9-890781AF3093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8EA6A7-4AB8-487E-B5DD-9989CC5F1CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*",
"matchCriteriaId": "DF63DDC8-A0C1-482B-92F2-CF6135E8C2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*",
"matchCriteriaId": "C69918C6-7AAD-4AA5-AB72-C275367B1008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*",
"matchCriteriaId": "06155B0B-A5AD-4A82-8C02-D264981687A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C19A4-FA26-432A-9443-9F92B2A946EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*",
"matchCriteriaId": "99BEE9BE-E49A-489B-B333-95D0993F8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*",
"matchCriteriaId": "7427A678-EC47-4030-B905-619DD95F5A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*",
"matchCriteriaId": "86749716-1C9F-4C2A-B2A7-E62DEC10EA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*",
"matchCriteriaId": "FD000B53-06DA-4ED4-B0EE-9CB201B75C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*",
"matchCriteriaId": "A8424463-C329-4BAA-8AA1-25CD8B63292E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*",
"matchCriteriaId": "52727E62-0048-4C56-BC8C-B3450D257B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8223AA-F077-45FD-A7E3-3C2C1A8F6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA34B50-2330-4D77-BF1A-6F05F3EF222C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*",
"matchCriteriaId": "F6421F69-1076-43D2-B273-DE80FB2D5F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EDA9E2-CFE7-4917-BE48-A83208BDF0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*",
"matchCriteriaId": "9A34E7FC-93A4-45F2-A7B6-4A8ABFCAB0F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*",
"matchCriteriaId": "7E611EDD-D44C-4311-B681-431D7C574528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E1B6AA-2F9A-43A8-9147-2BD9474E54C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*",
"matchCriteriaId": "1886D007-85B6-4E5A-968D-A1FD476A08A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDDCB65-4404-49BC-9515-ECECD58A667F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8D3E00-64C3-407A-9B00-8B6E383F73FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1B00A1-9C15-47C2-9F57-66586DEACC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5BF932-459F-4DD2-B160-5FE0371C7D83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*",
"matchCriteriaId": "A58ACE96-F1BE-4261-8F94-FC3C6E7C7561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*",
"matchCriteriaId": "783D6EA7-C016-4314-A87B-4FED1DC7114B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD0176F-FFAE-4A85-9327-CE72FE059E90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*",
"matchCriteriaId": "A56970C7-F8D3-41B2-A78B-0C7F4A2A4E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*",
"matchCriteriaId": "26D4CE1F-86C8-4E48-9146-9DB57BF540FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7F9D65-5537-4C25-B02B-2393F60D1299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*",
"matchCriteriaId": "F09C8A92-820D-4572-A797-180E17A7DEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7D77A2-0D9A-4D0D-B0DC-152757917BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*",
"matchCriteriaId": "A07D3F1A-16CE-461F-A2F4-80FE5F841CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04557A-C508-4FAD-A535-1C0AEFF08075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFAE489-6679-4705-BF9C-BB6D385A1DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*",
"matchCriteriaId": "429A99C8-BC55-4887-893C-7124C1A5DB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A2B709-CC19-4116-A5BE-5DB5C8B45A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*",
"matchCriteriaId": "D79DAC74-1F28-4EC8-B417-3FAFFB74C4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1F1377-6220-43FB-BEF9-BAA7B0158147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*",
"matchCriteriaId": "18422CA8-3000-46B1-9065-2369E6B0BE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*",
"matchCriteriaId": "5D558C66-E80E-4FC7-A0DF-485466390C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*",
"matchCriteriaId": "E23EA9AE-9E70-47B5-AD9B-0DF13A0939E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*",
"matchCriteriaId": "860F22F6-4C87-47C5-965E-02A1AFF41A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*",
"matchCriteriaId": "19A2CA86-BFA8-4C78-987D-AD26F32622F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF64E0A-CDB0-427E-A96F-095EFEBA0A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*",
"matchCriteriaId": "425F6D34-EE60-464B-8EA6-8116EDAA1219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB9F657-1239-4424-A2E8-F8BD98C0095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*",
"matchCriteriaId": "F631403C-0A67-42CB-815C-133EB87E0C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4A5A57-B1A2-4BBA-AC36-7EA7DF9CDE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*",
"matchCriteriaId": "0453C0EA-BA67-49D5-964F-35493F97D905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4D237E-ACB7-4382-AF5B-D27E634BF867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*",
"matchCriteriaId": "B5461EB2-2958-4923-86AF-C74D449120B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*",
"matchCriteriaId": "45C22141-E698-4E38-AF50-9CE04C1168FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*",
"matchCriteriaId": "49D0E470-427D-4A68-AFD2-982A4F7CE2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*",
"matchCriteriaId": "43AB50F3-14AC-44BD-B7F0-A683C5FD1A3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*",
"matchCriteriaId": "713C4B7A-C38A-4818-A258-D07DEDEC906E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*",
"matchCriteriaId": "C59740BE-FC30-4400-B978-1DB41282971C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*",
"matchCriteriaId": "839728F0-5F23-462F-B493-C37EE4C874F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1B47DA-BA53-4D7A-9B5B-582238D5E99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*",
"matchCriteriaId": "D452F1BF-1FA5-463C-8F13-6357509FB5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6D1F4C-B396-468C-BA32-9367A68C95DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*",
"matchCriteriaId": "B76A812F-D77A-49C8-B7A5-0C08258D4BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*",
"matchCriteriaId": "6E001AAB-07EC-47BF-BDE9-BB927872781D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DF11F5-61E8-4A98-86C8-49D6B3224FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*",
"matchCriteriaId": "AED153E7-99A2-4C02-B81B-C3DDF8FAE1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*",
"matchCriteriaId": "D024802A-EA60-4D9B-B04C-027A0703EABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*",
"matchCriteriaId": "BA731F3C-1F04-4EE2-83EC-9486F5032903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*",
"matchCriteriaId": "544A59F6-E731-43C8-8455-69256933E71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*",
"matchCriteriaId": "624258EE-7FFF-4432-9B6D-4D60AA73CD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*",
"matchCriteriaId": "69A2701A-35A8-4268-B9CF-40BA3219373B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*",
"matchCriteriaId": "15E671F6-8DED-4735-BE97-58A60E5B5C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC68B2A-8570-4311-BB60-49DBBDAF7430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*",
"matchCriteriaId": "9826FA02-937E-4323-B9D5-8AE059ADBE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8630BB-48AA-4688-A6F0-212C1BB4D14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC98D35-D7D5-4C24-B47E-EDE2A80B2B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F8ABCB-12C3-4C45-844E-B07F77DA2DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*",
"matchCriteriaId": "326105AC-3926-437E-8AFF-916960107050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*",
"matchCriteriaId": "866E1275-7541-4B80-8FDF-53246A204C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*",
"matchCriteriaId": "E190929D-D3CC-46E1-A903-0848829061DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*",
"matchCriteriaId": "81E4EBCB-B660-4F6A-AD73-81B9D8964162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*",
"matchCriteriaId": "55D58CC5-CB46-464D-93B8-6AD5A19AF097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*",
"matchCriteriaId": "16541D3E-EBBD-4D92-96D8-F169733377AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*",
"matchCriteriaId": "3F08D257-F570-4D39-A6E8-0F60E55472E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*",
"matchCriteriaId": "C20ED667-2BFB-41C7-82BA-9F0C0044DA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*",
"matchCriteriaId": "6158ED8A-007E-48B7-99BF-8BA03BF584BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA7096A-F321-49A0-911A-F9683ABE6E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*",
"matchCriteriaId": "6A471395-7F8F-4BA5-962D-4D8F271FAB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*",
"matchCriteriaId": "B9484380-92B9-44DB-8E20-DC8DE02D1CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*",
"matchCriteriaId": "8010808D-805D-4CA3-9EA2-55EB1E57964C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*",
"matchCriteriaId": "9716FE9F-A056-42A3-A241-F2FE37A6386A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*",
"matchCriteriaId": "F73422A3-ECA0-4C41-9AA5-CF7D77885CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*",
"matchCriteriaId": "7A96A5AF-C9EF-4DED-AE25-4540A2B02915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*",
"matchCriteriaId": "D5115B12-053A-4866-A833-D6EC88D8F93E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*",
"matchCriteriaId": "C5619D4D-9685-4595-8A5F-A18273FE4213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*",
"matchCriteriaId": "B77E00E7-0EA4-4E32-A693-0E0F66BA4C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3457E-7E1A-4878-9752-79382E954A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*",
"matchCriteriaId": "68630C63-4457-4E12-B7BD-AD456B237FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FB5695-2950-4CEC-81B4-FD280F835330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*",
"matchCriteriaId": "9F340AF8-508F-449D-9AFA-4E55F069B4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*",
"matchCriteriaId": "E944410E-D674-4141-B50C-9F55090325FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*",
"matchCriteriaId": "A6438E07-0AC0-4BF9-B0F2-9072CA9639D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*",
"matchCriteriaId": "5079AA70-C864-4AE2-809C-52B50632F2B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*",
"matchCriteriaId": "5D124BCB-D8C3-49F5-B05C-E09B3CEBEBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*",
"matchCriteriaId": "6A86291B-C986-4320-BCEF-9F5AD8B309D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*",
"matchCriteriaId": "1227659F-1393-4189-978B-CC3DC53BF407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2DB843-638F-41EF-B486-409318AA2DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*",
"matchCriteriaId": "A0004D8A-A186-4DA2-A7AB-18A6456438FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*",
"matchCriteriaId": "75B6BE9F-F113-4976-951D-53F2E183A95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB005F1-9719-4985-B9D9-2140C962ADD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*",
"matchCriteriaId": "A94D0C1B-F30F-4724-915E-192C53FAE58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*",
"matchCriteriaId": "3F247860-1D2C-415C-AFBD-26BD875AAF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*",
"matchCriteriaId": "9697EDCD-A742-4AC6-876E-1080AD684207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*",
"matchCriteriaId": "6E73924A-875B-44D0-8F7C-A822B0488126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*",
"matchCriteriaId": "03751B92-EE07-4F16-A476-BD25561810BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A630E1-6CAE-4809-AB18-5002F158AE90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*",
"matchCriteriaId": "A67750FF-EF4B-414F-8ED4-299CAF33B0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*",
"matchCriteriaId": "5A82D885-82F5-4755-BC11-5899E28CEE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
"matchCriteriaId": "88AF1366-8A14-4741-8146-886C31D8D347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD75301-E29C-47DC-B53F-DC44EA0C1885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*",
"matchCriteriaId": "8C944024-BEAA-43AF-A339-FD69C75E8240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*",
"matchCriteriaId": "435C69D1-3932-4379-8D18-B1E12D558325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*",
"matchCriteriaId": "3572B700-73C0-41D1-95FD-FE9D5B0C1F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*",
"matchCriteriaId": "97A40DC9-0D4E-4C91-8D1B-3CED95B3952E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*",
"matchCriteriaId": "16FB3E4B-05F8-411A-8C86-4ACE03815553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*",
"matchCriteriaId": "8E55EBC1-6F96-47CD-9503-7855EFB07240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*",
"matchCriteriaId": "4208DBA1-7F85-4876-9B6C-D1B43EAAB2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*",
"matchCriteriaId": "F5ADC8E5-1CE7-4481-A9B5-61BFC6B4FF50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*",
"matchCriteriaId": "A1789924-FADB-4076-8874-120B29EE6B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*",
"matchCriteriaId": "BC246667-2F6F-4024-9EAA-2CE3018235C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*",
"matchCriteriaId": "B21BA7F8-D4B5-4E6B-8FCE-04BBD3501AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*",
"matchCriteriaId": "1341A5D4-A5CE-4D31-A178-01C3069D7A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*",
"matchCriteriaId": "86A5C199-92E5-435C-AC40-175849285104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*",
"matchCriteriaId": "67589F54-0A54-4DE7-9A47-A73DD05F7965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC34C8E-1BB9-43CC-9D89-9E6DC435B7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE5163E-9BCF-4BF8-BCB9-B48C4E7E1564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*",
"matchCriteriaId": "92C5DC8C-3318-440B-8B29-4827F343927B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*",
"matchCriteriaId": "0ECC47D8-F602-4CEA-B19A-209CE76C9D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*",
"matchCriteriaId": "7514ADD3-DECC-4CC2-9421-A609E526FDC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED2EC97-8B2D-47A9-8EC7-D1E0ACBB6C52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*",
"matchCriteriaId": "691097C3-F91B-499B-BAEB-4E7E9C43B517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3DB1ED-017B-43EF-92A3-A8A88669FBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*",
"matchCriteriaId": "19A49AAF-0F08-4151-8F74-4EF9C3415B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7A2018-BB4D-4DC1-813D-A4AA3F270893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*",
"matchCriteriaId": "A95D91C4-C539-4458-A6C9-8AE17207AE30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*",
"matchCriteriaId": "37F9D218-8198-42C7-88FE-7C5382138324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8FDD81-95EE-4241-93C8-925085A4CE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*",
"matchCriteriaId": "614D9E35-10E0-4CCB-B817-C7C8C3947BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*",
"matchCriteriaId": "F75F987E-F4DB-46FF-B048-21B4A4C07B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*",
"matchCriteriaId": "05376F2C-30B6-406D-90F7-6C2E00E85171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDD3DF6-24BF-4C13-8F07-AF07327E5622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*",
"matchCriteriaId": "B1520A64-2157-45D7-A135-F900798C4EB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*",
"matchCriteriaId": "05A30F85-5367-4369-B7A5-176D71279FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*",
"matchCriteriaId": "B8803FF9-48D7-4AB0-8A17-4590CABD0BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC63B6B-5D6D-477B-9125-007F835981B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*",
"matchCriteriaId": "BF385AC9-963E-4670-95A6-BE1EBC3890B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*",
"matchCriteriaId": "943FA088-2902-45A9-A1BA-D612B46A50D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*",
"matchCriteriaId": "8C80902D-9A6C-47D4-B56F-35C378FC0E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*",
"matchCriteriaId": "1100B46C-8485-4048-BFF8-2BAB311EC04A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9E1646-E154-41BA-B9FA-0839A898023D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*",
"matchCriteriaId": "03F4C8E6-0043-41A8-94EA-EEBAA1A081E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*",
"matchCriteriaId": "31C10985-CBF7-4717-A7D6-2594887D7CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*",
"matchCriteriaId": "8C49886C-B6A0-4D95-8533-329FE5A66F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*",
"matchCriteriaId": "0788CF23-3FAF-44C9-9AAA-96E4818A1AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*",
"matchCriteriaId": "24AF7001-64D1-4BFB-9280-0BA0FAD97A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6E420E-16DA-4FB1-9968-C93E229614FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*",
"matchCriteriaId": "07469E04-B3D2-41FE-A2E4-E25A977026CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*",
"matchCriteriaId": "60FF402E-5E4F-414A-A3AB-149548303616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*",
"matchCriteriaId": "79E2B875-A270-45C0-A1B1-041264E5B290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*",
"matchCriteriaId": "8C828C8C-7ECB-4167-87A9-0F522C400C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2C887F-1EF7-468A-A6AE-440793C78DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F3D7F-D884-4ACD-A103-060F57A9867B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1FCAAD-7072-45EC-9ACB-08556458BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*",
"matchCriteriaId": "C4446224-40E8-4AD0-8197-921D3473E19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA159D9-8C7F-4BE5-9093-A21C7D00F7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*",
"matchCriteriaId": "B92B68FD-771A-4401-8B1D-B1A252356F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*",
"matchCriteriaId": "1B933941-0BE3-4EEB-8FDD-2DAA63343EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*",
"matchCriteriaId": "8D060EF0-B29C-4B54-86A0-FD5CFF7B80BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*",
"matchCriteriaId": "36F737C1-6011-42D2-9690-CA81EA0A283C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*",
"matchCriteriaId": "19CA7EB6-D1C9-48D9-A69A-2618800A6CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*",
"matchCriteriaId": "0CA1F3E5-ED7F-4E4C-AD0D-0EEC542A9E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6E3C9B-A661-4B37-B76D-A3F7BD638D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*",
"matchCriteriaId": "56C909B0-8FB2-4220-AF93-EECB8D650CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*",
"matchCriteriaId": "FF36BAD0-A762-4F84-BE0B-060FE666ED67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*",
"matchCriteriaId": "007337CD-94FB-4ED9-B4A3-9E0EC52D79B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDFA137-F1FC-46BD-9872-D62671B1434D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*",
"matchCriteriaId": "2E6DBCB3-E912-43A1-914B-5C7CCFAADE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCF36E2-0B42-4F23-97D6-9E79ECCA8FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C67312-E128-4833-A91E-D7A9F96A7AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*",
"matchCriteriaId": "3F19F408-FABD-4A68-8CDC-C763F0321FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*",
"matchCriteriaId": "68A06EC2-E491-4CD5-9904-61A88EBB7FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*",
"matchCriteriaId": "789A8CAE-8D9E-4244-880D-FBE28EC53AED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*",
"matchCriteriaId": "F901EE11-D0C9-46F6-8316-D8F4F1D50260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*",
"matchCriteriaId": "E549F600-B9CE-4843-A772-2DACC528903E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*",
"matchCriteriaId": "3F28E733-87ED-4610-A8EE-BD37BED7685B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB488DD-D97C-4E21-A055-E6CECBBBC34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC12C97-9966-40E2-8B23-B4453EC9EA6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2832E8BF-7AC7-444C-B297-66F770860571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
"matchCriteriaId": "44AA72FB-E78D-419E-AA82-B0538C6504D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "687C3BF3-D71A-49AD-8A05-EAC07CBCD949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "90AF90D9-16C4-4F8A-9868-3E2823E3445C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C063C53-8970-45B1-85F8-FB2080BF4695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "64596ED7-794A-4D23-987B-D9AD59D48EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDA48F0-0F35-4A8F-8117-B0B28E00AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "A561A8E8-79E2-4071-B57D-590C22EF86A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "92E46658-60AB-4758-9236-3AC0E6464383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "207B8FBA-E2FF-485A-9AD9-E604AE0FB903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
"matchCriteriaId": "33F99640-C753-40BE-A0A1-4C2D92E7DB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F98247B-1839-4676-855B-827A4B6C016B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBA35BD-1048-4B6E-96B2-1CFF615EB49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CEEEE2-D6A2-4342-8A73-934093948824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979FEE9F-A957-43B6-BB6D-1A851D6FA11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7AF59D-D05E-47F9-B493-B5CD6781FDDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF7EC93-0170-45A9-86C7-5460320B2AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7B1C2-D2CE-485A-9376-27E14F3FA05A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F803AC-DCC7-43FC-BEB3-AA7984E0506C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "560993AA-299D-42B7-B77F-1BD0D2114CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C582B1C-1DAC-48FD-82DD-7334C10A2175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7862B0C-2C44-4110-A62A-083116129612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "048C5996-F719-4338-B148-0DD1C13E02FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9FF7FB-AB5A-4549-8C15-E69458C649E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF6608-B650-4C77-9823-0AD57B3484F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE6A2D7-901C-45F9-B487-D674047D522E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ADCB509-5B0E-4592-8B23-EC25A3F79D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB51691F-089F-4016-B25E-238074B06C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAAC728-6A0F-4675-9677-AAF7DD5D38ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA37503-FD3D-4220-933C-234631D6EDEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72992831-2A76-456B-A80C-944BDD8591E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A79C2131-5566-4CC2-B6ED-38E3F6964500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60BFDAA6-3DFC-4908-BC33-B05BAB462F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6266056-770A-4E2D-A4FC-F1475257648E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "929AA8F3-8BDF-4614-9806-6D4231735616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "605D7552-8184-4B11-96FD-FE501A6C97DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3144BBDE-CC96-4408-AA02-ECC3BF902A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8BA77A-34E3-4B9E-822A-7B7A90D35790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7165B43-ED22-4714-8FA4-1E201D1BFA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67CFB133-FAF0-431A-9765-8A9738D6D87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2975B0F2-DB7C-4257-985A-482ED2725883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70221E07-3C2E-4A82-8259-AD583EB5CDDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "427DFD78-56CD-43C4-948E-F53AF9D669F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75AD7649-3FEA-4971-9886-6C9312B937A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE972C-6BAE-4342-BA01-1D685487F9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27CDFE3B-C064-49A9-BD43-3F7612257A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD0EEC1-D695-41A5-8CD6-9E987A547CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBF25B8-D474-4C6B-8E45-F57DDC7074E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF18FD1-6670-4C3C-8000-A079C69D575E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "921EB5A5-F911-4FCE-A6F1-C66818B34678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13878C13-1C7C-4B83-AF27-4998E8F659DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "023063E1-2DD7-487C-A8A7-939FAEE666A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77255CE6-D7B7-4B48-993C-7100A1170BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B40AC368-3A14-4EFF-A8D0-7EFB4C83045D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C07E80D5-70A5-49C9-9044-D683C7ECCFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63668AF4-F29C-4424-8EC5-2F0A5950DD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E86616FE-0C3F-4984-A364-8A6A9F01DAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09C1C7CD-538D-4D7A-A81C-10DF5376A479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5922F749-2B23-44B8-8A46-F31BCAEAD279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48BBAF-6B27-43D6-B86B-40CD8E7BA056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D75D0EEB-707C-4C86-A569-E91E9F00BA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FB0E20-0243-40A1-8DEF-37150791222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CFF26D-8AD3-4179-9E4C-F06D7C858C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7541572C-229F-4963-B7F0-06EB3323E53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "479F7C77-D16F-4E40-9026-3EB8422E0401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04DB08C8-0018-4A8E-A206-097BDDF83B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7193E85-30BE-42D5-A26B-3F88817F3574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "446E8515-45FC-4B8B-8D12-60643D64C07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBDF6B2-D388-4639-87D8-064AA3F6B6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00AAB8B6-B614-4EAA-BA90-C5326CB5D07A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A371DF9-E224-404F-99C2-C2A4607E62D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F40E356-365D-44B7-8C38-A0C89DDD6D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3132029-89F8-4359-A0DC-A275785266A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B02F5685-0636-48AB-B222-434CA1F3B336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED4693C-DECF-4434-90C0-56158F102E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB408A6B-0842-43DA-9180-B0A299FCBCE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6215EBAC-7C75-4647-9970-482120897F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B1BD2B6-1AF6-4AD4-94FA-94B453A21908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1FD6E8-80EC-461F-9ED1-CE5912399E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E96F585E-BDEF-45EE-B0AB-94FE23753AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "3279C067-3058-4D46-A739-05404FD0E9B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0855225-F501-486A-BD03-2A86FD252B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "214C7B0C-C438-4000-9F9B-6D83294243AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91AA2E-4BB2-49C8-9364-4E363DF42CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA26781F-5A1C-4DA5-835E-D984D697F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
"matchCriteriaId": "2EEA4222-F25D-4457-80AA-6D05CA918D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "6777AC35-9D1F-4153-94AC-B25627D730E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F063F4-8994-4E46-BA7B-A12A112009BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6F2DE5-AF11-439A-8D37-30CB882ECD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "E213DD86-5419-42C8-BF38-7795DDB3C582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "A972291E-5231-439D-873B-2F87BCAF800A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "C089CC54-3229-43D7-AA15-73CFA1A43EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
"matchCriteriaId": "EF268D83-C15D-4559-A46F-844E1D9264F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE97C0D-3EA1-4314-A74A-7845C7778FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "34293F29-F327-4ADD-BF62-78F63F79BB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
"matchCriteriaId": "528C0A46-1CC4-4882-985A-0BB41525BC6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "643F3522-A452-4927-944D-532574EC4243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "58F40B78-4DBA-44EE-8420-086789EFF53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "423BFD8F-4B50-43DA-9979-75FD18FBC953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BAD4A68-0481-476F-BBBD-3D515331368C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "838CEB7C-7C4C-416C-86CE-6E8DD47EF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7D021F-3C97-45B3-B1F7-0AC26959F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A31AEF3-448D-417B-9589-4BA0A06F2FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A1D96F-7FFD-413F-ABCE-4530C3D63040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8343FE-1320-40AE-A37F-70EF1A4AC4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD42BA5A-7DA0-409D-8685-E43CF9B61D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5FF80E9-CF28-4EF6-9CFE-4B500A434674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "647B77A4-2F49-4989-AF43-961D69037370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "805B1E33-F279-4303-9DF3-C81039A40C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E0AAE-6539-4024-9055-BE0BAD702143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1A8828-0765-4799-AD6C-143F45FAAD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "12D34618-1CCA-405B-A49C-EB384A09C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "575D6061-66BC-4862-BC84-ECD82D436E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "56B6EE64-1AD4-46B2-BA65-BB6282E56EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "11650B45-0BDA-42BF-AEF3-83B48DD6A71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3C92BA-827B-48AF-BBB3-FB60A9053C22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB44CA7-DFE6-4B1A-9A63-97AE30017E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "4B305EFA-6226-412C-90EE-F0691F2DDDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
"matchCriteriaId": "7F3874FA-63CB-4B5D-8B64-CE920320A4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "0800ED17-50E4-43F3-B46C-591DFA818BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
"matchCriteriaId": "A46B0405-F301-4209-8766-6E12EAFAD157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "F99F9F1F-A967-4884-96CF-4488102DC0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9B37AD-4599-425B-B39F-E571F4975266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A5F1CF-A1E6-45F1-8B09-36566778DB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "698C8A49-888B-4675-B3B0-25EDE2FD515E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "70D98F97-8EF4-48B5-84BE-C3CC27031FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
"matchCriteriaId": "B473D1FA-909B-492E-9C5B-94B0E20E1C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD5EA7E-322E-4CE6-89D4-7DB1055C9034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "67836379-4E1A-45CD-9506-7D3F612E47C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1BBC61-8664-4452-93A7-DDB4D2E4C802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "044F0375-DF2F-4D9B-AD7E-473D34165E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0655CA-A88C-4632-9A18-560E3F63B2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6965851-3B29-4C21-9556-97FD731EAA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
"matchCriteriaId": "52984FD2-44E0-4E91-B290-0376737EEF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF933366-7503-4F8D-B7AA-F6A16210EC37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2DAF5D-5BB7-49C6-8426-8B547505B6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "3EABB21D-D021-434B-B147-CAF687097A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
"matchCriteriaId": "7609424D-95F1-4493-A20C-B1BA4EC6439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "966DC636-C802-4D9F-8162-652AFB931203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "A75794EB-A5AF-43F0-985F-D9E36F04C6D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "31C2CFF0-98FD-4A0D-8949-D554B2FE53D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
"matchCriteriaId": "05F9217F-5028-4659-AA8E-F60548DE4D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC769DC-CF2E-4A3C-A610-264F024E6279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2B1CBF-D155-49BC-81A4-4172F177A5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "370B2B32-519E-4373-8A04-5C5025D688BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "83D9B562-C279-4A55-A347-F28FC4F9CD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "2A8C2BA0-48A8-4107-8681-A7C34C553D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "B1B009DE-A82F-4569-9B42-EC1EC4DA8A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "683B6E83-37FF-4F9B-915F-059EBB29DB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "E218718F-4BE6-48B0-A204-9DD4A932A654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0AB327-B60A-473C-9D36-97766EE62D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA249EE-4786-4E27-8787-5E8B88C2AEB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBD0529-1CF3-44E5-85B3-19A3323C9493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D664EE97-07EC-410F-94C3-AEAB2C6A627D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D31DB981-03B1-4A84-8D87-CD407C3C149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CBD155D-89D9-4677-A621-4D7613BE65C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D02BD0D4-FFFD-4355-97D8-170362F10B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6635781A-2651-4EF2-A5AC-AEEEE63FDE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCE6930-760A-48C0-B964-1E3ED6A8517C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E52DE90-DF96-4CE7-B8D1-226BA50E4D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8EB40E7-9B91-4106-B303-2B70AF395BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB0D5CD-8AF3-409D-96A7-718641D4B90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E420B0B-0CD5-41C7-B25A-3DB856055F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0C295B-0D63-4BE7-830D-D927E00C301C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "605C340D-2220-4669-B827-9009CB099E8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8791879D-2908-4F57-8DB3-6D24100A9108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E823DC5B-98BE-4656-BFBF-3A7018F8F213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64E8D558-ADE0-4358-9C76-7BD77BF23AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7973B3D0-F244-4E26-88F5-A2D9BF2E4503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5CB567-4F86-4466-BE4D-BFF557ACAE0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A52611B-6583-4660-90D7-C9472728072B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E80C6E89-B57C-47BB-8B95-50C03DFB3B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AB685B-FEE1-41EF-A046-1B34619E12A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9F6724-967A-4AF0-9896-12BF6164B2CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1116BF-12D7-47CC-98DB-18B200CF9C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBB28DE-726B-4AF0-88A5-35987E1E648B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1880E2B8-5E0E-4603-8D17-3ABA43D28179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAFBB92-1917-4238-832B-195FBE418271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91DFDF3F-9A3F-42B8-99A1-A3F76B198358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8778F972-BF34-482F-9FA7-71A77F6138E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F288BB0-FE7A-4900-B227-BE80E4F4AADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E16338-A094-4CA9-B77F-6FE42D3B422C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E07AB33-5351-487D-9602-495489C7C0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22115ED6-1707-4840-B0D1-AD36BC0C75A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C633BC-831F-4CB7-9D62-16693444B216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD501E1-E78F-44C6-8A13-C29337B07EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9085BA0B-B7E2-4908-90C0-B4183891C718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81971C2F-137A-4F11-8C93-3B99D4CD1B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98E0BDAC-398E-406B-B2DB-AE049D6E98B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86AFDE6C-DE58-4C4D-882E-474EF6C3D934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
"matchCriteriaId": "950C6BF9-AA47-4287-AC01-D183237490FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2355181D-D8EE-4F80-8280-13D5CBCF4779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5209343F-66B0-4DC0-9111-E2E64CFF7409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "720109A6-B79E-48E1-9AE7-7708B154788E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82FF0DBD-AE13-4232-80F7-F4C2E2CC9721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E944ED-8C02-46B8-BF95-0CE4C352753B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77AEA3D1-4846-46E2-9B80-20B19F00DC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1576978F-E93D-4A47-90B6-6A4E3A7DE558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D339FE5-001F-4005-88A5-CFFE37F9B63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDABA86-497E-497E-A5BA-46F913A4840A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD886F4C-DB6F-4DDD-9807-8BCBB625C226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C454B7-E5F4-4AAE-B577-FD71FA002C8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38BE2781-3A06-4D62-AC8B-68B721DA526B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA23772-2EB8-4BEE-8703-26D967EC4503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DC766A-B1F9-4B83-9F9B-CF603EE476BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA594740-43C5-4F42-BA5B-00CA8AE7BB60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "572B16E2-8118-43A0-9A80-5D96831D55FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB5C551-BADC-4A3A-93E5-2EBCA0704C51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5383B7A3-1569-4FEB-B299-B87CE8C8A87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A05BBDE0-6C47-4489-9455-7DA7D230ECA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1789AA69-EA31-44D1-82E6-228E48E18586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A7D5FF-3B1F-4C64-BB81-7A349765520D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F0498B3-393A-4C32-B338-E6014B956755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C451F752-6869-4AFA-BAE5-5C9A54427BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83710FD1-099B-436D-9640-061D515E10BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "517B71CE-6156-40E1-B068-A2B733E205E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11DEEEE5-5055-4CE1-962C-C5F075F4CC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8718DDAB-3208-48CF-9BCE-54DA1257C16A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1AA901-E822-4240-9D82-C9311E4F87B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CDE3DF-8E79-4997-94EB-B517FFCAE55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A0DE13-EB0B-493B-BC84-3AEB3D454776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1727697B-1F59-4E29-B036-C32E9076C523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E69E827C-C0D0-46C7-913A-1C1E02CEAACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2528F3F9-34DC-41DA-8926-382CB3EF5560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E452C262-5A8D-4D97-BC7F-A4F5FF53A659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D57BF69-D750-4278-98AA-976B0D28E347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76ADAE30-6CAD-4F5B-B6F7-C18953144C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A25D792-E21D-43EE-8B9D-67DE066DE5DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C669783-C058-4B4F-BB9A-84B2C4682247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "159B088B-9A85-4CAA-854A-AA080E528F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE74A94-FE8F-4749-A35A-AB7D57E24913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "990AC341-0E67-4A81-87E9-EE3EFD9E847E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53BC18B0-58F1-4477-9978-CA7383C197FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "474992FB-842D-4661-A565-44AF2CD78693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "476E1B79-5342-4895-96D7-E97DFC1F5334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD318D5-89A6-4E28-939C-C5B61396806B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A32C7E89-32ED-4328-9313-FA7D3DDBDC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2792EED8-2CBD-478E-BC09-05FE830B3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97B1AF2F-6E48-4DBD-A60E-3088CA4C3771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
"matchCriteriaId": "34E1691D-65B3-45E4-A544-8B29E38D569D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
"matchCriteriaId": "E42F2703-B8AB-410E-AF7B-CD0BE777F061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
"matchCriteriaId": "31244C94-00A3-499C-A91A-1BEF2FB0E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
"matchCriteriaId": "878FF6E8-8A6D-44CE-9DD1-2C912AB8A193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "5078A95B-2BD8-4A37-A356-F53D1A53CB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFE67CD-DE53-4C4E-8245-35902AEFA6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
"matchCriteriaId": "9F231D31-3AAD-4C5D-A225-D2DF94486718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "5998DF5D-E785-45EC-B8D0-1F4EC4F96D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "EADFD013-0BFB-427C-98E6-F9E4774DCBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "58620B10-FEA6-456D-B6B5-2745F5DBE82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "4858A1F0-97F2-4258-AB98-027BF1EC5117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C961A8B-EAFD-4F66-9432-BCC0D154ECCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "052DE6CD-A1E7-4E81-B476-66EF451061C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "751B3AC8-D45E-46B6-83D5-311B693F3C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "9588277A-0B97-4408-9CF7-11271CDAADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "479FE854-85E5-4ED0-BFAF-2618C9053082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
"matchCriteriaId": "E048B9BF-77C8-49F7-9F2D-9999F79BA264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD16D4D-E816-486D-96F4-5A2BF75B959F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "169C558E-1A83-47D5-A66B-035BD1DD56FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "D683E509-3FB2-4175-BCAB-4EB1B5C04958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCFA915-5445-4732-9F8F-D7561BA4177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "63A9FD98-C22D-48F6-87A1-60791C818A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "85F99F24-1783-4E6E-BE61-04C2E80356ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
"matchCriteriaId": "85289E4C-C813-4677-867D-EE8E98F4A1A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "27C8150F-BEFA-406D-9F0D-E7CB187E26AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
"matchCriteriaId": "1E807F90-819F-4103-B1F7-4CE46971BD63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD93203F-71B9-4F87-B5D8-FD273451C8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E652C74-C48D-4F29-9E85-09325632443F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "99158191-3013-4182-8A53-5DFCA1E2C60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E39A3E-7EAE-47C9-930B-58A980B73FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
"matchCriteriaId": "FFDA54BA-C00D-4890-9B7F-328257607B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5EFB1E-334C-4B55-8E2E-6AE19B34774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8260DCA-2F0C-45F7-B35F-D489AF5639F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "7778F81B-6D05-4666-B1D4-53DB0EC16858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC6706A-61F7-4AA0-B2FF-0FFDF739A644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF1B16B-02F2-4ECA-938E-B5CDCFC67816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5501D8-1B0D-4F5A-AFD7-C63181D3281F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "1751F0CE-A0D3-40E2-8EEC-D31141FE33A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF9AFA7-BBE8-4229-94CB-5A9596728BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
"matchCriteriaId": "E23A777F-68A4-4217-A75A-4D8A27E6451A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "392A4337-11F6-4980-A138-4FDBCAD0EBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E9BB67-F1FF-4190-889F-78B965CCE934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "35607317-0928-4297-A33E-D44BEE1BBEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "D48323B1-7FEB-451F-A064-23E7CE7F6403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "F5763189-7980-4A72-92C9-1908FE9E15EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "C53ACD49-DA21-4DDE-A0AA-FCCD59D29886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "4326D350-EBC2-48E6-A2C6-0499F6826CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8594E6FE-B6DB-4343-B3DD-AEC19923DAF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "5BCADA00-E453-414D-9933-FCB43D21BBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62212D9-F707-4A8E-AB2A-A3985E7A4049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "561755A8-8AAD-4F41-8266-747EFDAF2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F4BB0F-DAF4-479B-B78A-7929C151AA1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
"matchCriteriaId": "A207312E-1D35-4464-A111-22C4C793E146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B16E32-07D5-445B-BAA5-4E4A0881BFC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF08F6B-2ECB-414C-82D7-C06085BF8B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
"matchCriteriaId": "21032BE3-74D8-4C3F-B461-158F475B6853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
"matchCriteriaId": "2F9AC992-59B7-44EE-9FF3-567AC48938AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*",
"matchCriteriaId": "B44B3BFF-649A-4C1E-9564-EFA007FA2BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*",
"matchCriteriaId": "C04EDD71-15B3-4085-828C-BB7A43DBDCC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1BA7AC-989B-4093-841A-C6D5978BF17F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*",
"matchCriteriaId": "1874F848-B15B-4369-A164-5FA11D2B9AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*",
"matchCriteriaId": "9E46F934-9765-43ED-88A7-A4778C99A976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*",
"matchCriteriaId": "380A8F4F-7D1F-4F79-B555-E5AE18EF9F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D5217E-9520-4FDB-9330-C8DC2CDDAA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*",
"matchCriteriaId": "B206674F-1A34-470B-820C-05F9C37792CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*",
"matchCriteriaId": "63AE2051-9F8E-4477-8E1E-38A1E06AD247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*",
"matchCriteriaId": "6B39281F-990C-4AA3-9287-CCB5BA7E8AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*",
"matchCriteriaId": "3EDC0FCF-BD22-42AD-8044-9A64215B91CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0ED8AA-56D8-4CB6-A765-706BE87C9E30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*",
"matchCriteriaId": "AA890C07-7940-4DF4-96FB-8F71A2EFE5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*",
"matchCriteriaId": "E95A34F0-0B74-4031-BC9E-CBC93665BE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD3CF38-0DDD-4C1C-B420-4DE0B1C932CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB22DF7-15CE-4340-A05F-BD39FCA41F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA72DC8-2E4E-453A-A3FB-20F31D32B973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*",
"matchCriteriaId": "758E45B6-7C7A-432D-891D-CB99077AE3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*",
"matchCriteriaId": "06B3CDFF-B055-4BB4-98FB-DFF4B2E63A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*",
"matchCriteriaId": "26D7A401-BCE1-4673-93C9-67F009B75A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*",
"matchCriteriaId": "6E62119B-2A65-4473-B570-F118614B0ED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5319E0-909C-4688-AAA6-6A0B5D19FFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*",
"matchCriteriaId": "8F83F9F9-D2DB-4D40-AD61-29E66B050B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*",
"matchCriteriaId": "91BE6238-312E-4CF7-9E74-48CB5603B0FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*",
"matchCriteriaId": "AC09EB6D-7FAC-4B61-83A5-B0DC18D54EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA1BE0-0A78-4E94-A619-35735C913180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDD838C-8037-49E1-BAB4-C1D7D29BB9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*",
"matchCriteriaId": "24CA40FE-80C5-4A20-8219-CEF51F3162FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*",
"matchCriteriaId": "B10305C5-0C2C-48B7-A0AD-2B24AD722EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*",
"matchCriteriaId": "33E8F127-6EAE-4302-BD52-7C3FCCA307D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*",
"matchCriteriaId": "8D675EA9-33E7-45ED-B6A9-7117AD2FEE26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E468FE-73BE-4B20-B774-58EC7CD20CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF6B19B-7D45-44B3-8524-407253B93EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*",
"matchCriteriaId": "2B803FAD-E54D-49FE-A078-029B8FFBBB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*",
"matchCriteriaId": "CC511505-ED67-45B4-B76C-56AB750C4408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*",
"matchCriteriaId": "A430C232-79EB-4264-AE24-41D4A2A5D990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9E3D4B-A3DF-4858-8C64-0316B6E57435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*",
"matchCriteriaId": "19108672-E1AA-41CC-B86C-061D3721C8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*",
"matchCriteriaId": "200D36CF-AEDE-4183-8C54-748E6E5A3218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF13A44-5163-4282-8EE8-7DC05499B5E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*",
"matchCriteriaId": "827C12CE-D87D-489D-ABA7-BE0405EC33D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*",
"matchCriteriaId": "16AA78F7-520B-4FFC-838C-DC74FEE8E13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB2949C-4699-49EF-83EB-31199E0CE2DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
"matchCriteriaId": "66C169DC-EEFE-4DE6-A3D0-65B606527240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
"matchCriteriaId": "FD28227A-8888-43B2-BC41-8D54B49DA58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
"matchCriteriaId": "7984BAEA-4518-4E17-830E-B34D09648BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2214E5-491E-448F-A4B6-A497FB44D722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE93013-C262-46A5-8E77-D647881EE632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
"matchCriteriaId": "85B53CEC-943F-4966-8EC1-CB2C6AD6A15B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAC04A3-EBE3-406B-B784-A3547162ECE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
"matchCriteriaId": "15720FFE-B2A4-4347-BCD7-DFA6774C0B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
"matchCriteriaId": "50F46B0E-C746-44B4-B343-E3DCAB4B98DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE30903-4F75-4D71-A8BB-44D1099E9837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
"matchCriteriaId": "98311EAA-26C8-4092-8BE5-4E7BEAA68DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8CF348-811C-4342-ACB9-AFCABCC34331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
"matchCriteriaId": "71998EC5-EC0F-496C-B658-3CD91D824944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F19B2A-E7A1-4B97-AC40-02B0D3673555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6387C9-C0A8-4B26-BC62-802775CD0AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
"matchCriteriaId": "EFEB0164-77C2-4EC2-92FD-5FCE246119CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB20210-337C-4220-8CA1-F4B2BC54EBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
"matchCriteriaId": "F699569F-4F52-4CC0-90D9-CC4CBC32428A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
"matchCriteriaId": "CBAED22B-D097-49C4-ADDF-4B3F3E1262D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
"matchCriteriaId": "ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
"matchCriteriaId": "7756B588-5A63-4508-8BDD-92DB8CB0F4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
"matchCriteriaId": "316E26AE-67A5-4E75-8F9B-ECF4A03AED51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a:9:*:*:*:*:*:*:*",
"matchCriteriaId": "A51E86F5-8F94-4E7C-9A63-DAA3FCBE0438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*",
"matchCriteriaId": "001AB619-157E-40B4-B86C-5DB18245D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:arm:cortex-a:17:*:*:*:*:*:*:*",
"matchCriteriaId": "1221FB4F-488A-4A52-8788-82ECBF92113B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*",
"matchCriteriaId": "38D51E27-28A3-47A1-9C36-1A223858E352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*",
"matchCriteriaId": "365DF3EF-E7D1-41FC-8382-D3B095542D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:arm:cortex-a:73:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B2B122-34A9-4534-A996-8FEAACA71A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:arm:cortex-a:75:*:*:*:*:*:*:*",
"matchCriteriaId": "C850453B-CDB1-490D-B551-9AC0B27D8A67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:-:*:*:*:*:*:*",
"matchCriteriaId": "7151A19C-0AE5-4F66-9E3D-8BF675A8430C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BEEB72F4-AE57-49DD-8876-1BCA7B805692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "7929F123-AC76-4F49-940F-558CABC25E75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6034789-ABD1-4035-8378-F0BA7157B087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C403C49F-3779-4A7A-8D12-B4A32BFD77CF",
"versionEndExcluding": "5.1.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEC1DE4-F01C-4D21-8FB6-A0D4460D6CD0",
"versionEndExcluding": "5.2.6",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
},
{
"lang": "es",
"value": "Los sistemas con microprocesadores con ejecuci\u00f3n especulativa y predicci\u00f3n indirecta de ramas podr\u00edan permitir la revelaci\u00f3n no autorizada de informaci\u00f3n al atacante con acceso de usuario local mediante un an\u00e1lisis de un canal lateral."
}
],
"id": "CVE-2017-5715",
"lastModified": "2025-05-06T15:15:51.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-01-04T13:29:00.227",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"source": "secure@intel.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"source": "secure@intel.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102376"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040071"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
},
{
"source": "secure@intel.com",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
},
{
"source": "secure@intel.com",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"source": "secure@intel.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"source": "secure@intel.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-5715"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://spectreattack.com/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX231399"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3531-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3531-3/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3560-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3561-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3581-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3581-2/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3582-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3582-2/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3594-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3620-2/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3690-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"source": "secure@intel.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Nov/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-5715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://spectreattack.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX231399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3531-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3531-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3560-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3561-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3581-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3581-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3582-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3582-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3594-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3620-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3690-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 22:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update291:*:*:*:*:*:*",
"matchCriteriaId": "CC7644D5-EEA1-4FA8-8F5E-9C476DACF956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update281:*:*:*:*:*:*",
"matchCriteriaId": "3484EAC9-2F68-4952-8F0B-D1B83B5956CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCE2C42-BFFB-4E1E-9E37-07F334BA3C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:16.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16BDD043-0138-4F9E-A369-B1AA779CA4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update281:*:*:*:*:*:*",
"matchCriteriaId": "6DFA7B46-AA37-4943-81A1-DF8C7F2CB038",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "058C7C4B-D692-49DE-924A-C2725A8162D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0F0434A5-F2A1-4973-917C-A95F2ABE97D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "96DD93E0-274E-4C36-99F3-EEF085E57655",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5344C25-BD71-4228-903F-E419A4455F5F",
"versionEndIncluding": "11.0.10",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1453F5-ABB5-48F8-9C1C-69EEEE3949A5",
"versionEndIncluding": "13.0.6",
"versionStartIncluding": "13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8602555C-1C07-4A4C-8DBB-5D304366A7E7",
"versionEndIncluding": "15.0.2",
"versionStartIncluding": "15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
"matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
"matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
"matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
"matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
"matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
"matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
"matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
"matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
"matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
"matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
"matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
"matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
"matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
"matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
"matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
"matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
"matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
"matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
"matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
"matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
"matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
"matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
"matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
"matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
"matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
"matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
"matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
"matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
"matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
"matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
"matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
"matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
"matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
"matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
"matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
"matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
"matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
"matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
"matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
"matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
"matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
"matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
"matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
"matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
"matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
"matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:16:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFB65CD-98D5-4024-86CF-130D70DC5A5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5",
"versionEndExcluding": "5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
"matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
"matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
"matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
"matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*",
"matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son Java SE: 7u291, 8u281, 11.0.10, 16;\u0026#xa0;Java SE integrado: 8u281;\u0026#xa0;Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 y 21.0.0.2.\u0026#xa0;La vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o todos los datos accesibles de Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition.\u0026#xa0;Nota: Esta vulnerabilidad se aplica a las implementaciones de Java que cargan y ejecutan c\u00f3digo que no es confiable (p. Ej.,\u0026#xa0;c\u00f3digo que proviene de Internet) y conf\u00eda en el sandbox de Java para la seguridad.\u0026#xa0;Tambi\u00e9n puede ser explotado proporcionando datos no confiables a las API en el Componente especificado.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 5.9 (Impactos en la Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)"
}
],
"id": "CVE-2021-2161",
"lastModified": "2024-11-21T06:02:30.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2021-04-22T22:15:13.037",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-05"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4899"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4938AC8-A83F-48D8-861C-042B90B75CAA",
"versionEndIncluding": "7.73.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E76BECE-0843-4B9F-90DE-7690764701B0",
"versionEndExcluding": "10.14.6",
"versionStartIncluding": "10.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
"matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
"matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
"matchCriteriaId": "A369D48B-6A0A-47AE-9513-D5E2E6F30931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
"matchCriteriaId": "510F8317-94DA-498E-927A-83D5F41AF54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
"matchCriteriaId": "0D5D1970-6D2A-42CA-A203-42023D71730D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
"matchCriteriaId": "C68AE52B-5139-40A4-AE9A-E752DBF07D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"matchCriteriaId": "9CDB4476-B521-43E4-A129-8718A8E0A8CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*",
"matchCriteriaId": "A4A6BF78-B772-435C-AC1A-2199027CCF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "2C88BD98-46F5-447F-963A-FB9B167E31BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
"matchCriteriaId": "C7A0615B-D958-4BBF-B53F-AA839A0FE845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
"matchCriteriaId": "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
"matchCriteriaId": "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "C1C795B9-E58D-467C-83A8-2D45C792292F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96C3F2DF-96A5-40F2-B5C7-E961C2EE4489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D120FD05-70E5-46AE-9B43-4F97BC8E05FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "752548E2-BB8F-49AB-9D80-38182232989B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A107698C-9C63-44A9-8A2B-81EDD5702B4C",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions."
},
{
"lang": "es",
"value": "Un servidor malicioso puede usar la respuesta FTP PASV para enga\u00f1ar a curl versiones 7.73.0 y anteriores, para que se conecte de nuevo a una direcci\u00f3n IP y puerto determinados, y de esta manera potencialmente hacer que curl extraiga informaci\u00f3n sobre servicios que de otro modo ser\u00edan privados y no divulgados, por ejemplo, haciendo escaneo de puerto y extracciones del banner de servicio"
}
],
"id": "CVE-2020-8284",
"lastModified": "2024-11-21T05:38:39.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-14T20:15:13.903",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://curl.se/docs/CVE-2020-8284.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/1040166"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://curl.se/docs/CVE-2020-8284.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/1040166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.5 | |
| oracle | graalvm | 21.3.1 | |
| oracle | graalvm | 22.0.0.2 | |
| oracle | java_se | 7u331 | |
| oracle | java_se | 8u321 | |
| oracle | java_se | 11.0.14 | |
| oracle | java_se | 17.0.2 | |
| oracle | java_se | 18 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_secure_agent | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | e-series_santricity_storage_manager | - | |
| netapp | e-series_santricity_web_services | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | oncommand_insight | - | |
| netapp | santricity_unified_manager | - | |
| netapp | solidfire | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| debian | debian_linux | 9.0 | |
| azul | zulu | 6.45 | |
| azul | zulu | 7.52 | |
| azul | zulu | 8.60 | |
| azul | zulu | 11.54 | |
| azul | zulu | 13.46 | |
| azul | zulu | 15.38 | |
| azul | zulu | 17.32 | |
| azul | zulu | 18.28 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*",
"matchCriteriaId": "C15F860C-6B33-4950-B443-E2A7D4639573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*",
"matchCriteriaId": "696E27A2-34A2-49A8-BEF4-61718D11DD2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "00AC1B6D-9156-40A3-B606-845CCC33D724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*",
"matchCriteriaId": "022EC03C-1574-4421-9AB7-0EEF0D089322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
"matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
"matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
"matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JNDI). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)"
}
],
"id": "CVE-2022-21496",
"lastModified": "2024-11-21T06:44:50.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-19T21:15:18.497",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2904AC-AD7A-498D-8619-CBB421E9165D",
"versionEndIncluding": "5.3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF71C49-ADEF-4EE2-802C-6159ADD51355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*",
"matchCriteriaId": "24377899-5389-4BDC-AC82-0E4186F4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*",
"matchCriteriaId": "23FE83DE-AE7C-4313-88E3-886110C31302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*",
"matchCriteriaId": "490B327B-AC20-419B-BB76-8AB6971304BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA74E8B-51E2-4A7C-8A98-0583D31134A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B64AB37-A1D9-4163-A51B-4C780361F1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE9C9D7-9CED-4184-A190-1024A6FB8C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*",
"matchCriteriaId": "B73D4C3C-A511-4E14-B19F-91F561ACB1B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*",
"matchCriteriaId": "039C3790-5AA2-4895-AEAE-CC84A71DB907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4592238-D1F2-43D6-9BAB-2F63ECF9C965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA78068-80E9-4E49-9056-88EAB7E3682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*",
"matchCriteriaId": "092F366C-E8B0-4BE5-B106-0B7A73B08D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7992E92-B159-4810-B895-01A9B944058A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66EEA3CA-8CC7-4F0B-8204-6132D4114873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7C6010-F736-4BDA-9E3B-C4370BBFA149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b."
},
{
"lang": "es",
"value": "Una p\u00e9rdida de memoria en la funci\u00f3n cx23888_ir_probe() en el archivo drivers/media/pci/cx23885/cx23888-ir.c en el kernel de Linux versiones hasta la versi\u00f3n 5.3.11, permite a atacantes causar una denegaci\u00f3n de servicio (consumo de memoria) al desencadenar fallos de la funci\u00f3n de kfifo_alloc(), tambi\u00e9n se conoce como CID-a7b2df76b42b."
}
],
"id": "CVE-2019-19054",
"lastModified": "2024-11-21T04:34:05.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-18T06:15:11.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4525-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4527-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4525-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4527-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 21.3.1 | |
| oracle | graalvm | 22.0.0.2 | |
| oracle | jdk | 17.0.2 | |
| oracle | jdk | 18 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights | - | |
| netapp | e-series_santricity_os_controller | 11.0 | |
| netapp | e-series_santricity_storage_manager | - | |
| netapp | e-series_santricity_web_services | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | santricity_unified_manager | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node | - | |
| azul | zulu | 15.38 | |
| azul | zulu | 17.32 | |
| azul | zulu | 18.28 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A29CF53D-7DDC-4B60-8232-6C173083101F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "680ECEAE-D73F-47D2-8AF8-7704469CF3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
"matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
"matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Bibliotecas). Las versiones afectadas son Oracle Java SE: 17.0.2 y 18; Oracle GraalVM Enterprise Edition: 21.3.1 y 22.0.0.2. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autentificado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n no autorizada, la eliminaci\u00f3n o el acceso a la modificaci\u00f3n de datos cr\u00edticos o todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con caja de arena, que cargan y ejecutan c\u00f3digo no fiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen de la caja de arena de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que suministra datos a las APIs. Puntuaci\u00f3n de base CVSS 3.1: 7,5 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)"
}
],
"id": "CVE-2022-21449",
"lastModified": "2024-11-21T06:44:43.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-04-19T21:15:16.127",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/28/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/29/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/30/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/01/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/05/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-29 13:15
Modified
2024-11-21 04:58
Severity ?
Summary
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0FB4B86-B8D8-473E-8D1D-3C058D143AF6",
"versionEndExcluding": "4.19.119",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0ABDE4F3-29C6-459E-B0B7-751B93447AF0",
"versionEndExcluding": "5.4.36",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D62C084A-6676-40AF-868A-D90CDFAB7DDD",
"versionEndExcluding": "5.6.8",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur."
},
{
"lang": "es",
"value": "En el kernel de Linux versi\u00f3n 4.9 hasta la versi\u00f3n 5.6.7, en la plataforma s390, una ejecuci\u00f3n de c\u00f3digo puede presentarse debido a una condici\u00f3n de carrera, como es demostrado por el c\u00f3digo en la funci\u00f3n enable_sacf_uaccess en el archivo arch/s390/lib/uaccess.c que presenta un fallo al proteger contra una actualizaci\u00f3n concurrente de la tabla de p\u00e1gina, tambi\u00e9n se conoce como CID-3f777e19d171. Tamb\u00eden podr\u00eda ocurrir un bloqueo"
}
],
"id": "CVE-2020-11884",
"lastModified": "2024-11-21T04:58:49.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T13:15:11.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4342-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4343-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4342-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4343-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4667"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-04 15:15
Modified
2024-11-21 05:27
Severity ?
Summary
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1911441 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1911441 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF09EA1-994B-4950-B853-1FB4F936A162",
"versionEndExcluding": "2.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34."
},
{
"lang": "es",
"value": "Se presenta un fallo en el archivo /bfd/pef.c de binutils.\u0026#xa0;Un atacante que sea capaz de enviar un archivo de entrada dise\u00f1ado para que sea procesado por el programa objdump podr\u00eda causar una desreferencia del puntero null.\u0026#xa0;La mayor amenaza de este fallo es la disponibilidad de la aplicaci\u00f3n.\u0026#xa0;Este fallo afecta a binutils versiones anteriores a la 2.34."
}
],
"id": "CVE-2020-35495",
"lastModified": "2024-11-21T05:27:25.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-04T15:15:13.667",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-17 13:15
Modified
2025-04-03 20:28
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
References
Impacted products
{
"cisaActionDue": "2022-06-10",
"cisaExploitAdd": "2021-12-10",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Linux Kernel Improper Privilege Management Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA88B130-CD8A-4E14-A1F5-4D1DB031D60E",
"versionEndExcluding": "3.16.71",
"versionStartIncluding": "3.16.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD709672-0E6A-4086-8700-B6C2FDD8599C",
"versionEndExcluding": "4.2",
"versionStartIncluding": "4.1.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19FB5FC5-740B-418F-B83A-3EA6095270C0",
"versionEndExcluding": "4.4.185",
"versionStartIncluding": "4.4.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66431BA1-01B5-476A-B483-AE4E7B830BA7",
"versionEndExcluding": "4.9",
"versionStartIncluding": "4.8.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A719867-AEB7-4E95-A1DE-B96EA092D9FE",
"versionEndExcluding": "4.9.185",
"versionStartIncluding": "4.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00D95A2F-5B17-46D9-80D7-2E0D1779C2CE",
"versionEndExcluding": "4.14.133",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F921620B-E2A7-421F-8C89-016C51723C17",
"versionEndExcluding": "4.19.58",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7049E422-0D4B-45FD-8B06-04BACD44A66E",
"versionEndExcluding": "5.1.17",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:7.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "AA559D29-DF65-48AF-96DB-D20A50474758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF9BCF3-187F-410A-96CA-9C47D3ED6924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "782C86CD-1B68-410A-A096-E5170AD24DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "77C61DDC-81F3-4E2D-9CAA-17A256C85443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B0DA79-DF12-4418-B075-F048C9E2979A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5DE3C5-B090-4CE7-9AF2-DEB379D7D5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7275A1-8853-469E-939B-7533E9E8C499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B92409A9-0D6B-4B7E-8847-1B63837D201F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5C5860E-9FEB-4259-92FD-A85911E2F99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE99A08-D6F7-4937-8154-65062BC88009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "665DF1D3-EB88-4A17-B888-3B3CE298269B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
"versionEndIncluding": "11.60.3",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit\u0027s pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments."
},
{
"lang": "es",
"value": "En el kernel de Linux anterior a versi\u00f3n 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabaci\u00f3n de las credenciales de un proceso que desea crear una relaci\u00f3n de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relaci\u00f3n de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). Un factor que contribuye es un problema de vida \u00fatil del objeto (que tambi\u00e9n puede causar un p\u00e1nico). Otro factor que contribuye es el marcado incorrecto de una relaci\u00f3n de ptrace como privilegiada, que puede ser explotada mediante (por ejemplo) el ayudante pkexec de Polkit con PTRACE_TRACEME. NOTA: deny_ptrace de SELinux puede ser una soluci\u00f3n \u00fatil en algunos entornos."
}
],
"id": "CVE-2019-13272",
"lastModified": "2025-04-03T20:28:35.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-07-17T13:15:10.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2405"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2411"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K91025336"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4093-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4117-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K91025336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4093-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4117-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4484"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-12 05:15
Modified
2024-11-21 07:02
Severity ?
Summary
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node | - | |
| netapp | 8300_firmware | - | |
| netapp | 8300 | - | |
| netapp | 8700_firmware | - | |
| netapp | 8700 | - | |
| netapp | a400_firmware | - | |
| netapp | a400 | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B62342-F287-4C6B-92AA-C1BC61DDAFFA",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB6A7BA-92AE-4423-9814-EBEED5876483",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D765FECA-B64D-4F49-9CD1-07C9337ADB2C",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E73901F-666D-4D8B-BDFD-93DD2F70C74B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FD5AED-42CF-4918-B32C-D675738EF15C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34B25BEF-8708-4E2C-8BA6-EBCD5267EB04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E3BD77-8915-4FFC-8483-5DB5D610F829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97E94ECB-BB51-4364-BEDD-8648C193196F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag."
},
{
"lang": "es",
"value": "El kernel de Linux versiones anteriores a 5.17.2, maneja inapropiadamente los permisos de seccomp. La ruta de c\u00f3digo PTRACE_SEIZE permite a atacantes omitir las restricciones previstas al establecer el flag PT_SUSPEND_SECCOMP"
}
],
"id": "CVE-2022-30594",
"lastModified": "2024-11-21T07:02:59.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-12T05:15:06.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-15 18:15
Modified
2024-11-21 05:00
Severity ?
Summary
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8D3C1A-7029-4267-B1EA-3D12CAC1EA55",
"versionEndIncluding": "5.6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space."
},
{
"lang": "es",
"value": "El controlador VFIO PCI en el kernel de Linux versiones hasta 5.6.13, maneja inapropiadamente los intentos para acceder al espacio de memoria deshabilitado."
}
],
"id": "CVE-2020-12888",
"lastModified": "2024-11-21T05:00:29.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-15T18:15:13.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
},
{
"source": "cve@mitre.org",
"url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/"
},
{
"source": "cve@mitre.org",
"url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4525-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4526-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4525-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4526-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-28 07:15
Modified
2024-11-21 05:23
Severity ?
Summary
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | cloud_backup | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F533643-6482-466F-87F2-9446C8214FF5",
"versionEndExcluding": "4.9.228",
"versionStartIncluding": "4.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82A795AE-6C0D-4C70-93E8-CB1183C8F147",
"versionEndExcluding": "4.14.185",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96593438-C71A-47FD-B19B-F54C6E65BDA5",
"versionEndExcluding": "4.19.129",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55E407BF-74C3-42AB-8591-2385D5732960",
"versionEndExcluding": "5.4.48",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45E1B7E8-BF1C-4AFA-9862-DAE3916A8846",
"versionEndExcluding": "5.7.5",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en la funci\u00f3n __split_huge_pmd en el archivo mm/huge_memory.c en el kernel de Linux versiones anteriores a 5.7.5. La implementaci\u00f3n copy-on-write puede otorgar acceso de escritura no previsto debido a una condici\u00f3n de carrera en una comprobaci\u00f3n de conteo de mapas THP, tambi\u00e9n se conoce como CID-c444eb564fb1"
}
],
"id": "CVE-2020-29368",
"lastModified": "2024-11-21T05:23:55.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-28T07:15:11.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | element_software | - | |
| netapp | hci_storage_node | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C85356F-2C6C-4FB9-B0CA-949711182223",
"versionEndExcluding": "5.13.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info."
},
{
"lang": "es",
"value": "btrfs en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes causar una denegaci\u00f3n de servicio (bloqueo) por medio de procesos que desencadenan la asignaci\u00f3n de nuevos trozos del sistema durante los momentos en que hay una escasez de espacio libre en el space_info del sistema"
}
],
"id": "CVE-2021-38203",
"lastModified": "2024-11-21T06:16:39.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-08T20:15:07.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-19 22:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 21.3.2 | |
| oracle | graalvm | 22.1.0 | |
| oracle | jdk | 17.0.3.1 | |
| oracle | jre | 17.0.3.1 | |
| azul | zulu | 17.34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 11.0 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_secure_agent | - | |
| netapp | hci_management_node | - | |
| netapp | oncommand_insight | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "601D92C4-F71F-47E2-9041-5C286D2137F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B18FE85D-C53D-44E9-8992-715820D1264B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF3539B-0434-4310-AE88-F46864C7C20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B6302149-28AA-481E-BC6C-87D05E73768A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 y 22.1.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2022-21549",
"lastModified": "2024-11-21T06:44:56.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-07-19T22:15:12.147",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | element_software | - | |
| netapp | hci_storage_node | - | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C85356F-2C6C-4FB9-B0CA-949711182223",
"versionEndExcluding": "5.13.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection."
},
{
"lang": "es",
"value": "El archivo fs/nfs/nfs4client.c en el kernel de Linux versiones anteriores a 5.13.4, presenta un ordenamiento incorrecto de la configuraci\u00f3n de la conexi\u00f3n, que permite a operadores de servidores NFSv4 remotos causar una denegaci\u00f3n de servicio (cuelgue de montajes) al disponer de que esos servidores sean inalcanzables durante la detecci\u00f3n de trunking"
}
],
"id": "CVE-2021-38199",
"lastModified": "2024-11-21T06:16:38.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-08T20:15:07.073",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4978"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-17 02:15
Modified
2024-11-21 05:57
Severity ?
Summary
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| debian | debian_linux | 9.0 | |
| netapp | cloud_backup | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_h410c_firmware | - | |
| netapp | hci_h410c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02DED9BD-F021-49CC-B2D3-C92E5DBEF3AF",
"versionEndIncluding": "5.10.16",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8532F5F0-00A1-4FA9-A80B-09E46D03F74F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el kernel de Linux versiones 3.2 hasta 5.10.16, tal como es usado Xen.\u0026#xa0;Las operaciones de mapeo de concesiones a menudo ocurren hiperllamadas por lotes, donde se realizan varias operaciones en una sola hiperllamada, el \u00e9xito o el fallo de cada una es reportada al controlador del backend, y el controlador del backend luego recorre los resultados, llevando a cabo acciones de seguimiento en funci\u00f3n del \u00e9xito o fallo de cada operaci\u00f3n.\u0026#xa0;Desafortunadamente, cuando se ejecuta en modo PV, los controladores del backend de Linux manejan inapropiadamente esto: algunos errores son ignorados, lo que implica efectivamente su \u00e9xito por el \u00e9xito de los elementos de lote relacionados.\u0026#xa0;En otros casos, los errores que resultan de un elemento del lote conllevan a que no se inspeccionen m\u00e1s elementos del lote y, por lo tanto, no es posible desasignar apropiadamente los correctos tras la recuperaci\u00f3n del error.\u0026#xa0;Solo los sistemas con backends de Linux que se ejecutan en modo PV son vulnerables.\u0026#xa0;Los backends de Linux que se ejecutan en modos HVM / PVH no son vulnerables.\u0026#xa0;Esto afecta a los archivos arch/*/xen/p2m.c y drivers/xen/gntdev.c"
}
],
"id": "CVE-2021-26932",
"lastModified": "2024-11-21T05:57:04.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-17T02:15:13.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-361.html"
},
{
"source": "cve@mitre.org",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebee0eab08594b2bd5db716288a4f1ae5936e9bc"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-361.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebee0eab08594b2bd5db716288a4f1ae5936e9bc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-08 05:15
Modified
2024-11-21 06:57
Severity ?
Summary
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20220506-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220506-0006/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| fedoraproject | fedora | 35 | |
| netapp | active_iq_unified_manager | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3004D9BF-0093-4C9C-8560-F3E91AFAE409",
"versionEndExcluding": "5.17.1",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition."
},
{
"lang": "es",
"value": "La funci\u00f3n jbd2_journal_wait_updates en el archivo fs/jbd2/transaction.c en el kernel de Linux versiones anteriores a 5.17.1, presenta un uso de memoria previamente liberada causado por una condici\u00f3n de carrera transaction_t"
}
],
"id": "CVE-2022-28796",
"lastModified": "2024-11-21T06:57:57.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-08T05:15:07.067",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-25 15:15
Modified
2024-11-21 06:41
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_volumes_ontap_mediator | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | storagegrid | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A2E0DA-9949-495C-AC30-A21F364D71E1",
"versionEndIncluding": "4.19",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "280AA828-6FA9-4260-8EC1-019423B966E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DA944C-4992-424D-BC82-474585DAC5DF",
"versionEndIncluding": "11.70.2",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients."
},
{
"lang": "es",
"value": "Se ha detectado un problema en el Kernel de Linux de la 4.18 a 4.19, una actualizaci\u00f3n inapropiada de la referencia sock en el paso TCP puede conllevar a una p\u00e9rdida de memoria/netns, que puede ser usada por clientes remotos"
}
],
"id": "CVE-2022-1678",
"lastModified": "2024-11-21T06:41:14.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security@openanolis.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T15:15:07.887",
"references": [
{
"source": "security@openanolis.org",
"tags": [
"Third Party Advisory"
],
"url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
},
{
"source": "security@openanolis.org",
"tags": [
"Third Party Advisory"
],
"url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
},
{
"source": "security@openanolis.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
},
{
"source": "security@openanolis.org",
"tags": [
"Permissions Required"
],
"url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
},
{
"source": "security@openanolis.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
},
{
"source": "security@openanolis.org",
"url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/"
},
{
"source": "security@openanolis.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0001/"
}
],
"sourceIdentifier": "security@openanolis.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-911"
}
],
"source": "security@openanolis.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-11 14:15
Modified
2025-06-17 20:50
Severity ?
Summary
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eventlet | eventlet | * | |
| dnspython | dnspython | * | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| fedoraproject | fedora | 40 | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eventlet:eventlet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4D34E2-32E0-4D02-9CCE-C51CABE65099",
"versionEndExcluding": "0.35.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dnspython:dnspython:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97627580-395B-4E07-8634-01CB4DC5CD62",
"versionEndExcluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a \"TuDoor\" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1."
},
{
"lang": "es",
"value": "eventlet anterior a 0.35.2, como se usa en dnspython anterior a 2.6.0, permite a atacantes remotos interferir con la resoluci\u00f3n de nombres DNS enviando r\u00e1pidamente un paquete no v\u00e1lido desde la direcci\u00f3n IP y el puerto de origen esperados, tambi\u00e9n conocido como un ataque \"TuDoor\". En otras palabras, dnspython no tiene el comportamiento preferido en el que proceder\u00eda el algoritmo de resoluci\u00f3n de nombres DNS, dentro de la ventana de tiempo completa, para esperar un paquete v\u00e1lido. NOTA: dnspython 2.6.0 no se puede utilizar por un motivo diferente al que se abord\u00f3 en 2.6.1."
}
],
"id": "CVE-2023-29483",
"lastModified": "2025-06-17T20:50:56.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-11T14:15:12.010",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/eventlet/eventlet/issues/913"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/eventlet/eventlet/releases/tag/v0.35.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/rthalley/dnspython/issues/1045"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/rthalley/dnspython/releases/tag/v2.6.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240510-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dnspython.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/eventlet/eventlet/issues/913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/eventlet/eventlet/releases/tag/v0.35.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/rthalley/dnspython/issues/1045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/rthalley/dnspython/releases/tag/v2.6.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240510-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.dnspython.org/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-292"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-27 15:15
Modified
2024-11-21 05:01
Severity ?
Summary
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sqlite | sqlite | * | |
| fedoraproject | fedora | 32 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 | |
| netapp | cloud_backup | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| brocade | fabric_operating_system | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| siemens | sinec_infrastructure_network_services | * | |
| apple | icloud | * | |
| apple | itunes | * | |
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | macos | * | |
| apple | tvos | * | |
| apple | watchos | * | |
| oracle | communications_network_charging_and_control | * | |
| oracle | communications_network_charging_and_control | 6.0.1 | |
| oracle | outside_in_technology | 8.5.4 | |
| oracle | outside_in_technology | 8.5.5 | |
| oracle | zfs_storage_appliance_kit | 8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0C3C64-D3B1-4B06-B792-F2E07743D0FE",
"versionEndExcluding": "3.32.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41CD1160-B681-41EF-9EB4-06CE0F53C501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709",
"versionEndExcluding": "11.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "82AF1567-8217-464E-896E-874EBB0FE463",
"versionEndExcluding": "12.10.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC9ED4-9AE1-415A-94FF-60CB209506CA",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2EE75CC-3796-416A-9E58-64788BB89240",
"versionEndExcluding": "11.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D16EC4D-D2E7-476D-BFBC-3703C8F0B45E",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C117BCCF-7789-40BB-AD25-1E712F6DCF7C",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
"versionEndIncluding": "12.0.3",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72F1A960-EBA5-4BDB-B629-20F0D2384562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3198F822-43F8-4CB3-97F7-C2982FDA5CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c."
},
{
"lang": "es",
"value": "SQLite versiones anteriores a la versi\u00f3n 3.32.0, permite que una tabla virtual sea renombrada con el nombre de una de sus tablas shadow, relacionada con los archivos alter.c y build.c."
}
],
"id": "CVE-2020-13631",
"lastModified": "2024-11-21T05:01:38.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-27T15:15:12.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sqlite.org/src/info/eca0ba2cf4c0fdf7"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211843"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211844"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211850"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211935"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211952"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sqlite.org/src/info/eca0ba2cf4c0fdf7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT211952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-19 22:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7D961E24-EA18-4217-B5F5-F847726D84E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "601D92C4-F71F-47E2-9041-5C286D2137F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B18FE85D-C53D-44E9-8992-715820D1264B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*",
"matchCriteriaId": "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*",
"matchCriteriaId": "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0485FC-E4B2-464E-8228-1387AC5F353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF3539B-0434-4310-AE88-F46864C7C20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CC9398-71B6-4480-95ED-EDCE838D157E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*",
"matchCriteriaId": "60614E43-090E-44D7-94AD-FFAE38FF111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*",
"matchCriteriaId": "131E1C9E-721C-4176-B78B-69C01F90A9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4BFA12-588A-4D8D-B45F-648A55EC674C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF9CFB1-CEC9-483E-BECF-618190C03944",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9",
"versionEndIncluding": "11.0.15",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539",
"versionEndIncluding": "13.0.11",
"versionStartIncluding": "13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08",
"versionEndIncluding": "15.0.7",
"versionStartIncluding": "15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053",
"versionEndIncluding": "17.0.3",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
"matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
"matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
"matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
"matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
"matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
"matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
"matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
"matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
"matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
"matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
"matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
"matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
"matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
"matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
"matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
"matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
"matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
"matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
"matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
"matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
"matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
"matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
"matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
"matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
"matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
"matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
"matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
"matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
"matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
"matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
"matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
"matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
"matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
"matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
"matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
"matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
"matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
"matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
"matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
"matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
"matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
"matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
"matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
"matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
"matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
"matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
"matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
"matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
"matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
"matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "50C77346-8893-44F0-B0D1-5D4D30A9CA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*",
"matchCriteriaId": "63E58DE0-A96A-452E-986F-3BD2FEA7C723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7A33EC-DE03-424F-9796-E5EA071FF6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B6302149-28AA-481E-BC6C-87D05E73768A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*",
"matchCriteriaId": "20DFD9D8-8648-40F7-81B8-04F852A337FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones afectadas son Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 y 22.1.0. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n no autorizada, la eliminaci\u00f3n o el acceso a la modificaci\u00f3n de datos cr\u00edticos o de todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen de la sandbox de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.9 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"id": "CVE-2022-21541",
"lastModified": "2024-11-21T06:44:55.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-07-19T22:15:11.783",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-29 19:15
Modified
2024-11-21 04:59
Severity ?
Summary
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0542D4E3-231E-4A77-86D4-89BC72DCBAB7",
"versionEndExcluding": "4.19.111",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969EAF10-7774-45A4-99A8-E946B33706E6",
"versionEndExcluding": "5.4.26",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935FAEA6-8487-40DA-A460-9A459030B182",
"versionEndExcluding": "5.5.10",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*",
"matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*",
"matchCriteriaId": "489D20B9-166F-423D-8C48-A23D3026E33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*",
"matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*",
"matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*",
"matchCriteriaId": "78BE572F-45C1-467F-918F-FB1276F6B495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7C6010-F736-4BDA-9E3B-C4370BBFA149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*",
"matchCriteriaId": "646FFC2B-6DC4-4BD8-AAE0-81895D397700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*",
"matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:aff_baseboard_management_controller:a700s:*:*:*:*:*:*:*",
"matchCriteriaId": "804B2D7C-D890-4C4C-8A76-1760552E11BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un desbordamiento de matriz en la funci\u00f3n mt76_add_fragment en el archivo drivers/net/wireless/mediatek/mt76/dma.c en el kernel de Linux versiones anteriores a la versi\u00f3n 5.5.10, tambi\u00e9n se conoce como CID-b102f0c522cf. Un paquete de gran tama\u00f1o con muchos fragmentos rx puede corromper la memoria de p\u00e1ginas adyacentes."
}
],
"id": "CVE-2020-12465",
"lastModified": "2024-11-21T04:59:45.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T19:15:12.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-07 21:15
Modified
2024-11-21 07:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | element_plug-in_for_vcenter_server | - | |
| netapp | management_services_for_element_software_and_netapp_hci | - | |
| netapp | snapcenter | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| netapp | hci_compute_node | - | |
| jenkins | jenkins | * | |
| jenkins | jenkins | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A055068C-4D71-4DDD-AEFF-E39982FD8DC7",
"versionEndExcluding": "9.4.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB90B12D-86AF-4A9F-8C44-0213FA056919",
"versionEndExcluding": "10.0.9",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC65CE45-D006-4A65-81EA-B7D0397DCA2B",
"versionEndExcluding": "11.0.9",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D452B464-1200-4B72-9A89-42DC58486191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB750FC4-A7B8-464B-9CF1-02BAC0A5121B",
"versionEndExcluding": "2.263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "F1570EF2-F7AD-4D7A-B13C-5F729E218E0F",
"versionEndExcluding": "2.361.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
},
{
"lang": "es",
"value": "En la implementaci\u00f3n del servidor Eclipse Jetty HTTP/2, cuando es encontrada una petici\u00f3n HTTP/2 no v\u00e1lida, el manejo de errores presenta un error que puede terminar por no limpiar apropiadamente las conexiones activas y los recursos asociados. Esto puede conllevar a un escenario de denegaci\u00f3n de servicio en el que no queden recursos suficientes para procesar las peticiones buenas"
}
],
"id": "CVE-2022-2048",
"lastModified": "2024-11-21T07:00:13.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-07T21:15:10.150",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
},
{
"source": "emo@eclipse.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"source": "emo@eclipse.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"source": "emo@eclipse.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"source": "emo@eclipse.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-410"
},
{
"lang": "en",
"value": "CWE-664"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 07:02
Severity ?
Summary
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847EB547-3EB5-4A0C-83DF-D9EFE7FA8B89",
"versionEndExcluding": "7.83.1",
"versionStartIncluding": "7.82.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL."
},
{
"lang": "es",
"value": "usando su soporte HSTS, curl puede ser instruido para usar HTTPS directamente en lugar de usar un paso no seguro de texto sin cifrar HTTP incluso cuando HTTP es proporcionado en la URL. Este mecanismo podr\u00eda ser omitido si el nombre de host en la URL dada usara un endpoint mientras no es usado uno cuando es construida la cach\u00e9 HSTS. O al rev\u00e9s, si el endpoint estuviera en la cach\u00e9 HSTS y *no* es usado el punto al final en la URL"
}
],
"id": "CVE-2022-30115",
"lastModified": "2024-11-21T07:02:11.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T14:15:51.507",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/26/4"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/21/1"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1557449"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/26/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/21/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1557449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-13 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| netapp | hci_compute_node_bios | - | |
| netapp | hci_compute_node | - | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9CA5EDA-9CA4-49FA-AF86-7B150825868E",
"versionEndExcluding": "5.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B2C150C3-165E-42D6-80D4-87B11340B08C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "21F51360-AF61-433B-9FD9-D7DE742FABF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AFF43A64-F1B2-49B5-9B1A-3C5287E30CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7CD5DFA0-15FB-44C2-8C2F-DCABACB998B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DEA3DDD5-5114-44C0-8805-0A0579BB0034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "573B49F4-C6E1-4032-B46F-70506FE98562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.9.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "78F80706-7471-472D-B9A8-ABDB3C714B4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D452B464-1200-4B72-9A89-42DC58486191",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C61DF9A-ABDE-44A2-A060-B088428D5064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en el kernel de Linux en versiones anteriores a 5.9-rc7.\u0026#xa0;El tr\u00e1fico entre dos endpoints Geneve puede no estar cifrado cuando IPsec est\u00e1 configurado para cifrar el tr\u00e1fico para el puerto UDP espec\u00edfico usado por el t\u00fanel GENEVE, permitiendo a cualquier persona entre los dos endpoints leer el tr\u00e1fico sin cifrar.\u0026#xa0;La principal amenaza de esta vulnerabilidad es la confidencialidad de los datos"
}
],
"id": "CVE-2020-25645",
"lastModified": "2024-11-21T05:18:19.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-13T20:15:12.570",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883988"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201103-0004/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201103-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4774"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-27 23:29
Modified
2024-11-21 04:36
Severity ?
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC",
"versionEndExcluding": "1.0.2r",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E878102-1EA0-4D83-9F36-955DCF902211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "893C0367-DD1A-4754-B9E0-4944344108EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "EB2FB857-5F1F-46E5-A90C-AFB990BF1660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F74F467A-0C81-40D9-BA06-40FB8EF02C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3B5688-0235-4D4F-A26C-440FF24A1B43",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "706316DC-8C24-4D9E-B7B4-F62CB52106B8",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "151ED6D1-AA85-4213-8F3A-8167CBEC4721",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA83D61-1A50-47F5-B9BE-15D672A6DDAD",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "925049D0-082E-4CED-9996-A55620A220CF",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "830028B5-9BAF-439C-8166-1053C0CB9836",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D5AA99B-08E7-4959-A3B4-41AA527B4B22",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22C64069-68D1-445F-B20D-FD1FF8DB0F71",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D87C038-B96D-4EA8-AB03-0401B2C9BB24",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01BC2A57-030F-4A13-B584-BE2627EA3FE7",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC86A5F-C793-4848-901F-04BFB57A07F6",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "037C035C-9CFC-4224-8264-6132252D11FD",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD91F1A1-67F5-4547-848B-21664A9CC685",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E616EB-F2F9-43BF-A23D-8FD0650DA85B",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10367A28-787A-4FAB-80AD-ADD67A751732",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55C2EC23-E78F-4447-BACF-21FC36ABF155",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "180D2770-61F3-4CFB-B5FA-1CF1796D4B3E",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46712630-407A-4E61-B62F-3AB156353A1D",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21E18EA5-2210-41B1-87B0-55AB16514FE2",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFCCCFF-8B66-4C8B-A99A-32964855EF98",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0BD10F-735D-4442-828B-0B90207ABEAD",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448BB033-AE0F-46A0-8E98-3A6AE36EADAE",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC06609D-C362-4214-8487-2278161B5EAD",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "945A19E8-51EB-42FE-9BF1-12DAC78B5286",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2008DD47-CC1D-430F-8478-E90617F5F998",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC39F6EE-478A-4638-B97D-3C25FD318F3D",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "317C50A2-FE92-4C78-A94A-062274E6A6A8",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5007D0-BBDB-4D74-9C88-98FBA74757D1",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "389B6330-3041-4892-97D5-B5A6D9CE1487",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C556587-6963-49CF-8A2B-00431B386D78",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D748001D-340C-45C4-A2D0-0575538C5CEC",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7725810-66D2-4460-A174-9F3BFAD966F2",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7854954-A9A4-487B-B6C7-8DC1F83F4BD7",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "572B1078-60C4-4A71-A0F4-2E2F4FBC4102",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0371EB7C-3D41-4B8C-8FA9-DC6F42442448",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD760FE-4347-4D36-B5C6-4009398060F2",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB7588DA-75D3-4374-8871-D92E95509C91",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C95403E8-A078-47E8-9B2F-F572D24C79EF",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1BC0A8-5868-4FCA-80A5-661C3870EB7D",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B76F53-7D8B-477E-8B6E-91AC0A9009FF",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0585424E-3F74-400E-8199-ED964317F89F",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B",
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7722F39-9B7E-4267-B757-B9570B039323",
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C",
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88B0206-093A-4A18-8322-A1CD1D4ACF2A",
"versionEndIncluding": "7.1.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "427DA624-2397-4A61-A2ED-23F5C22C174E",
"versionEndIncluding": "8.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADE5E80-06D3-4A1B-A655-FBB6CCA03939",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75A43965-CB2E-4C28-AFC3-1ADE7A6B845C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2D2745-242C-4603-899E-70C9025BDDD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB4541D-5EF7-4266-BFF3-2DDEC95E8012",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FD1DA9-7980-4643-B378-7095892DA176",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "347E9E3E-941C-4109-B59F-B9BB05486B34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD661062-0D5B-4671-9D92-FEF8D7395C1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B36CECA5-4545-49C2-92EB-B739407B207F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E7549A-DE35-4274-B3F6-22D51C7A6613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE",
"versionEndIncluding": "5.6.4",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02630E85-191E-4C58-B81B-4DAF93A26856",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65D5476E-FBF9-474B-87E1-B6459E52736C",
"versionEndExcluding": "3.0.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD5E877-978C-4A16-B6C5-41A30D020B54",
"versionEndExcluding": "9.0.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F04157-FB34-4F22-B328-6BE1F2373DEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "523CD57C-43D4-4C79-BA00-A9A65C6588E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8EDA23C-7F75-4712-AF3F-B0E3597810B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D139E52-0528-4D05-8502-1AB9AB10CA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59717B5-34D5-4C83-904A-884ED30DFC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E28B437-64A8-456C-98A1-4ADF5B6A2F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D705705-0D0D-468B-A140-C9A1B7A6CE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB35D4-9CCD-43D3-B482-E0BEB3BF2351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB468FEE-A0F4-49A0-BBEE-10D0733C87D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB290045-2140-47EE-9BB4-35BAE8F1599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83800E2F-804C-485D-A8FA-F4B32CDB4548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60BEB1C6-C279-4BB0-972C-BE28A6605C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9",
"versionEndIncluding": "5.6.43",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA988288-7D0C-4ADE-BE61-484D2D555A8A",
"versionEndIncluding": "5.7.25",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E106D13-CBF8-4A2C-8E89-A66C6EF5D408",
"versionEndIncluding": "8.0.15",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBC7A65-3C0B-4B17-B087-250E69EE5B12",
"versionEndIncluding": "4.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A443D73A-63BE-4D1F-B605-0F7D20915518",
"versionEndIncluding": "8.0.14",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71CD99E7-3FE7-42E2-B480-7AA0E543340E",
"versionEndIncluding": "8.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DAD71E-A6D5-4CA9-A016-100F2D5114A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F457852F-D998-4BCF-99FE-09C6DFC8851A",
"versionEndExcluding": "7.1.15",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA311D7-0ADC-497A-8A47-5AB864F201DE",
"versionEndExcluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500",
"versionEndExcluding": "8.1.8",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1987BB-8F42-48F0-8FE2-70ABD689F434",
"versionEndExcluding": "9.0.2",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36",
"versionEndExcluding": "6.17.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "A94F4836-1873-43F4-916E-9D9B302A053A",
"versionEndExcluding": "8.15.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
},
{
"lang": "es",
"value": "Si una aplicaci\u00f3n encuentra un error de protocolo \"fatal\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de \u00e9stos), posteriormente OpenSLL puede responder de manera diferente a la aplicaci\u00f3n llamante si un registro de 0 byte se recibe con un relleno inv\u00e1lido, comparado con si un registro de 0 bytes se recibe con un MAC inv\u00e1lido."
}
],
"id": "CVE-2019-1559",
"lastModified": "2024-11-21T04:36:48.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-27T23:29:00.277",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"source": "openssl-security@openssl.org",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"source": "openssl-security@openssl.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"source": "openssl-security@openssl.org",
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2019-03"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Severity ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB8BD32-CDED-49F6-9973-4CE2DC1F79A4",
"versionEndIncluding": "5.6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el kernel de Linux versiones hasta 5.6.11. La funci\u00f3n sg_write, carece de una llamada a sg_remove_request en un determinado caso de fallo, tambi\u00e9n se conoce como CID-83c6f2390040."
}
],
"id": "CVE-2020-12770",
"lastModified": "2024-11-21T05:00:15.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-09T21:15:11.163",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lkml.org/lkml/2020/4/13/870"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4412-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4413-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4414-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4419-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lkml.org/lkml/2020/4/13/870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4412-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4413-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4414-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4419-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61666FBE-C3B7-4449-89C3-07288182D638",
"versionEndExcluding": "7.74.0",
"versionStartIncluding": "7.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC4299D-05D3-4875-BC79-C3DC02C88ECE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E97851-4DFF-4852-A339-183331F4ACBC",
"versionEndExcluding": "10.14.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
"matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
"matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
"matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"matchCriteriaId": "9CDB4476-B521-43E4-A129-8718A8E0A8CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "C1C795B9-E58D-467C-83A8-2D45C792292F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E699CCC-31F5-458E-A59C-79B3AF143747",
"versionEndExcluding": "11.3",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communicatio