Vulnerabilites related to oracle - solaris
Vulnerability from fkie_nvd
Published
2015-07-16 11:00
Modified
2024-11-21 02:27
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BA94552-7BD5-487C-A921-0B306BF2E00D", "versionEndIncluding": "5.5.43", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E831C63B-59EB-4664-885C-FEB2F7821F14", "versionEndIncluding": "5.6.24", "versionStartIncluding": "5.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "0355A15B-CA1A-4FC6-A56B-80867F7A3B65", "versionEndExcluding": "5.5.44", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADBF8224-90AF-4BDB-8F1B-C54BD72D863C", "versionEndExcluding": "10.0.20", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A67A7B7A-998D-4B8C-8831-6E58406565FE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a trav\u00e9s de vectores relacionados con DML." } ], "id": "CVE-2015-2648", "lastModified": "2024-11-21T02:27:46.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-07-16T11:00:08.190", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1629.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1630.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3308" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3311" }, { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/75822" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032911" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2674-1" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201610-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1629.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1630.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/75822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2674-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201610-06" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-19 10:55
Modified
2024-11-21 02:04
Severity ?
Summary
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 11 | |
oracle | solaris | 11.3 | |
opensuse | opensuse | 13.1 | |
opensuse_project | opensuse | 11.4 | |
opensuse_project | opensuse | 12.3 | |
mozilla | seamonkey | * | |
mozilla | firefox | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse_project:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE8EFFB8-9411-4826-9BFC-A06BA042FC30", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B91DE6A-D759-4B2C-982B-AF036B43798D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "097F1C3A-4546-43F3-8CC2-50F8AF05B791", "versionEndExcluding": "2.25", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "422EC5FE-DA03-4C14-ADED-D6212BE074D5", "versionEndExcluding": "28.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm." }, { "lang": "es", "value": "El m\u00e9todo crypto.generateCRMFRequest en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no valida debidamente cierto tipo de clave, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores que provocan la generaci\u00f3n de una clave que soporta el algoritmo Elliptic Curve ec-dual-use." } ], "id": "CVE-2014-1498", "lastModified": "2024-11-21T02:04:24.647", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-19T10:55:06.350", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-11 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 13.1 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 11 | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
canonical | ubuntu_linux | 13.04 | |
canonical | ubuntu_linux | 13.10 | |
fedoraproject | fedora | 19 | |
fedoraproject | fedora | 20 | |
oracle | solaris | 11.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "50A3A702-C2B1-4311-9EBC-D62079E3DCD5", "versionEndExcluding": "26.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D337932C-EF9D-4511-87DB-54262C6635D9", "versionEndExcluding": "2.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de enteros en la implementaci\u00f3n binary-search de SpiderMonkey de Mozilla Firefox anterior a la versi\u00f3n 26.0 y SeaMonkey anterior a 2.23 podr\u00eda permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a array fuera de l\u00edmites) o posiblemente tener otro impacto no especificado a trav\u00e9s de c\u00f3digo JavaScript." } ], "id": "CVE-2013-5619", "lastModified": "2024-11-21T01:57:50.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-11T15:55:13.073", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029470" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029476" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2052-1" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2052-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-24 14:59
Modified
2024-11-21 02:34
Severity ?
Summary
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A79FF7F-8F92-4FEB-96CC-6B15D0CE920D", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "13EF02D4-406C-4146-9B8F-FAC906E7B6E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC462CE5-1BE0-41E0-A28D-291350F021AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4166ADA9-D5B4-47D6-BD93-C98841108275", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "080D43D0-C0FF-4F89-910C-D466943816C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "E04AE832-9059-42AB-AD39-D01E7A633615", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "693EEF6B-810B-4684-9AB5-1BDC95DFA4CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "C9EF4268-0DB7-4150-B8E7-53C6D7F02E04", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "C571F85F-9F49-48B6-9AD9-16CD81655F73", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "41F0F1FA-E3EC-421C-9F72-11FC857F6F72", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "D4031E5F-B5D6-4E7D-96FC-A4ACF9C306A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B1577DD-B40E-404B-8E55-3A93AB8A8F62", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "10CE2864-1EF6-4197-9D1F-051497F1CC5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "ED485DA4-0614-4788-B278-5F1F43F5A579", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "1C3B4B46-383E-498C-8EFD-8C3FB1F494B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "1E1359DE-835F-4748-95F4-D2990DBF6A8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "DE466393-EE2B-44AD-8C69-D4C34A773FFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "B3C103B6-2FB6-4BF5-B88C-A68DEBABBBCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "BB1EF6D7-0AF4-4146-BA37-961F7048C1C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "5E4CCE84-425C-4B9C-98B7-D858B64B3418", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "B6B77FCE-F26A-41CB-8D72-E9EF0E352288", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7:beta4:*:*:*:*:*:*", "matchCriteriaId": "985884FE-AEB9-4D93-806E-ADFCC576FF99", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "D81EE1B4-9CB4-4776-A7CE-44B023C67CA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "81798B3D-A000-40D5-A369-C9A0BEF79A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "32DDDBEB-6F2F-4BA9-876D-38D41BA29726", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "06513AE1-11E4-4A9C-BDA4-D0511A9DCFC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6004EA17-A2B4-4E4C-A738-210FCAC2CA32", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "61680046-51CD-4217-AC1E-C11265205DB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "4320AE65-B4A7-4CC3-8BE0-6CD4FFBC24C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "18E5B08A-E6FC-440C-A2F8-1D8B727D55E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "6DAD077F-A239-4021-890E-AD4D9D9A388D", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "B2DCD8E1-EF0F-4878-8952-E0F729A524C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB49AF-2A89-4277-B2E9-67803A395A23", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "8086E8D8-25AD-4F63-BFB2-4AA3FA25484D", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.8:beta1:*:*:*:*:*:*", "matchCriteriaId": "DC23A3EC-942C-4B8D-A3D1-AC7C6526BF1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "02D3C0FF-C342-40F1-A187-CD212C16FE8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2510BAD7-1FB6-4F6F-A2CC-9DE9AD39B4FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1B388C7-ED4E-4416-969F-32263E7D7AA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "63D36984-4C8E-4CDB-8D15-445705FCECF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad en las funciones (1) contrib.sessions.backends.base.SessionBase.flush y (2) cache_db.SessionStore.flush en Django 1.7.x en versiones anteriores a 1.7.10, 1.4.x en versiones anteriores a 1.4.22 y posiblemente en otras versiones, crea sesiones vac\u00edas en ciertas circunstancias, que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de almac\u00e9n de sesi\u00f3n) a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-5964", "lastModified": "2024-11-21T02:34:13.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-24T14:59:09.837", "references": [ { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3338" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76440" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1033318" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2720-1" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2720-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-23 23:15
Modified
2024-11-21 04:41
Severity ?
Summary
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).
References
▼ | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC3F1DDC-DF8F-4F64-8454-C4A7C60C8462", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." }, { "lang": "es", "value": "Una vulnerabilidad en el componente Oracle Solaris de Sun Systems Products Suite de Oracle (subcomponente: Zones). La versi\u00f3n compatible que est\u00e1 afectada es 11.4. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante poco privilegiado con inicio de sesi\u00f3n en la infraestructura donde se ejecuta Oracle Solaris comprometer a Oracle Solaris. Los ataques con \u00e9xito requieren la interacci\u00f3n humana de otra persona distinta al atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Solaris y en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Solaris. CVSS 3.0 Puntuaci\u00f3n Base 3.9 (Impactos de integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." } ], "id": "CVE-2019-2807", "lastModified": "2024-11-21T04:41:36.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-23T23:15:42.710", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-15 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | junos_space | * | |
oracle | solaris | 11.3 | |
mariadb | mariadb | * | |
mariadb | mariadb | * | |
oracle | mysql | * | |
oracle | mysql | * | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | linux_enterprise_workstation_extension | 12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "matchCriteriaId": "6133CA80-A291-487F-AE06-85D4AA154727", "versionEndIncluding": "15.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF35B328-2B85-4093-9288-2EF6043AA8DF", "versionEndExcluding": "5.5.40", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C55CD8E-8ADC-470C-9042-5C63221A2F09", "versionEndExcluding": "10.0.15", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAA995C3-9B96-4B6F-A3E9-587F8468F551", "versionEndIncluding": "5.5.39", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3E71621-9463-4E83-A99C-1D51E6352770", "versionEndIncluding": "5.6.20", "versionStartIncluding": "5.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en Oracle MySQL Server 5.5.39 y anteriores y 5.6.20 y anteriores, permite a atacantes remotos afectar la disponibilidad a trav\u00e9s de vectores relacionados con CLIENT:SSL:yaSSL, una vulnerabilidad diferente a CVE-2014-6494." } ], "id": "CVE-2014-6496", "lastModified": "2024-11-21T02:14:30.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-15T22:55:06.077", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/61579" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/62073" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" }, { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/61579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/62073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70469" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-08 15:29
Modified
2024-11-21 04:00
Severity ?
Summary
In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10869208 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10869436 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/107861 | Broken Link | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/151968 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10869208 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10869436 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107861 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/151968 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:spectrum_protect_backup-archive_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "A07049D6-D64A-4C2D-9B94-FA231F79C320", "versionEndIncluding": "7.1.8.4", "versionStartIncluding": "7.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:spectrum_protect_backup-archive_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AB149B9-0E00-4D7D-88E2-B731EBE32BEF", "versionEndIncluding": "8.1.6.1", "versionStartIncluding": "8.1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:vmware:*:*", "matchCriteriaId": "C81D2A2E-5AE2-4B97-93A8-1467A727D468", "versionEndIncluding": "7.1.8.4", "versionStartIncluding": "7.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:vmware:*:*", "matchCriteriaId": "7250BE6D-FDA2-4A6F-8F9B-DED557388A59", "versionEndIncluding": "8.1.6.1", "versionStartIncluding": "8.1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:hyper-v:*:*", "matchCriteriaId": "0E542501-5E67-4324-9417-A76F9F044FEF", "versionEndIncluding": "7.1.8.0", "versionStartIncluding": "7.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:hyper-v:*:*", "matchCriteriaId": "3402CA4B-063B-43CF-9B9B-DFA90FE342C9", "versionEndIncluding": "8.1.6.1", "versionStartIncluding": "8.1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968." }, { "lang": "es", "value": "En ciertas configuraciones at\u00edpicas de IBM Spectrum Protect versiones 7.1 y 8.1, la contrase\u00f1a del nodo podr\u00eda mostrarse en texto plano en el archivo de rastreo del cliente de IBM Spectrum Protect. ID de IBM X-Force: 151968." } ], "id": "CVE-2018-1882", "lastModified": "2024-11-21T04:00:31.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-08T15:29:00.623", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10869208" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10869436" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/107861" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10869208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10869436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/107861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151968" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-12-05 01:15
Modified
2024-11-21 04:34
Severity ?
Summary
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0752410-D63C-4F3C-8C15-8A051A8A1646", "versionEndIncluding": "2.6.12", "versionStartIncluding": "2.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BAF8C20-973C-430C-85B3-6A60D758E928", "versionEndIncluding": "3.0.6", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "18096778-19E1-434F-BD96-A9FBF11A8C81", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection." }, { "lang": "es", "value": "En Wireshark versiones 3.0.0 hasta 3.0.6 y versiones 2.6.0 hasta 2.6.12, el disector de CMS se podr\u00eda bloquear. Esto fue abordado en el archivo epan/dissectors/asn1/cms/packet-cms-template.c asegur\u00e1ndose de que un identificador de objeto sea establecido en NULL despu\u00e9s de una disecci\u00f3n de ContentInfo." } ], "id": "CVE-2019-19553", "lastModified": "2024-11-21T04:34:57.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-05T01:15:14.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961" }, { "source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=34d2e0d5318d0a7e9889498c721639e5cbf4ce45" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.wireshark.org/security/wnpa-sec-2019-22.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=34d2e0d5318d0a7e9889498c721639e5cbf4ce45" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.wireshark.org/security/wnpa-sec-2019-22.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-909" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-07-13 22:30
Modified
2024-11-21 01:16
Severity ?
Summary
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to GigaSwift Ethernet Driver.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:opensolaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D7F3547-5085-43B2-8179-4AC23F4A9CE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*", "matchCriteriaId": "722A52CF-4C6E-44D3-90C4-D2F72A40EF58", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*", "matchCriteriaId": "4F864AD7-53A2-4225-870F-062876CE45DD", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to GigaSwift Ethernet Driver." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en Oracle Solaris 8, 9 y 10 y OpenSolaris, permite a usuarios locales comprometer la disponibilidad a trav\u00e9s de vectores desconocidos relacionados con GigaSwift Ethernet Driver." } ], "id": "CVE-2010-2386", "lastModified": "2024-11-21T01:16:32.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-07-13T22:30:02.907", "references": [ { "source": "secalert_us@oracle.com", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-20 15:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199997 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454587 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199997 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454587 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | security_identity_manager | 7.0.2 | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
oracle | solaris | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "55FD51C9-A42C-4B88-8F54-0C754CB24497", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997" }, { "lang": "es", "value": "IBM Security Identity Manager versi\u00f3n 7.0.2, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando es devuelto un mensaje de error t\u00e9cnico detallado en el navegador.\u0026#xa0;Esta informaci\u00f3n podr\u00eda ser usada en nuevos ataques contra el sistema.\u0026#xa0;IBM X-Force ID: 199997" } ], "id": "CVE-2021-29682", "lastModified": "2024-11-21T06:01:38.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-20T15:15:07.757", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199997" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6454587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6454587" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-15 18:15
Modified
2024-11-21 05:03
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L
Summary
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Device Driver Utility). La versi\u00f3n compatible que est\u00e1 afectada es 11. La vulnerabilidad dif\u00edcil de explotar permite a un atacante poco privilegiado iniciar sesi\u00f3n en la infraestructura donde Oracle Solaris se ejecuta comprometer a Oracle Solaris. Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizadas del acceso a datos cr\u00edticos o a todos los datos accesibles de Oracle Solaris y en una capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Solaris. CVSS 3.1 Puntuaci\u00f3n Base 5.0 (Impactos de Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L)" } ], "id": "CVE-2020-14545", "lastModified": "2024-11-21T05:03:30.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 4.2, "source": "secalert_us@oracle.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-15T18:15:16.287", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-16 19:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/216109 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6612541 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/216109 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6612541 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | sterling_b2b_integrator | * | |
ibm | sterling_b2b_integrator | * | |
ibm | sterling_b2b_integrator | * | |
hp | hp-ux | - | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
oracle | solaris | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*", "matchCriteriaId": "25D53F0D-AE92-4740-8C7D-2A3BD878C5FC", "versionEndExcluding": "6.0.3.6", "versionStartIncluding": "6.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*", "matchCriteriaId": "3ACC2324-54C5-4A65-9D4D-D6C463A56759", "versionEndExcluding": "6.1.0.5", "versionStartIncluding": "6.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*", "matchCriteriaId": "2E15F4DE-ED44-4CA0-99E9-61EBAC6A33DE", "versionEndExcluding": "6.1.1.2", "versionStartIncluding": "6.1.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109." }, { "lang": "es", "value": "IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.5, 6.1.0.0 hasta 6.1.0.4, y 6.1.1.0 hasta 6.1.1.1, podr\u00eda permitir a un usuario autenticado obtener informaci\u00f3n confidencial debido a controles de permisos inapropiados. IBM X-Force ID: 216109." } ], "id": "CVE-2021-39087", "lastModified": "2024-11-21T06:18:34.523", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-16T19:15:08.510", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/216109" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6612541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/216109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6612541" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-06 19:55
Modified
2024-11-21 01:27
Severity ?
Summary
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | esx | 3.0.3 | |
vmware | esx | 3.5 | |
vmware | esx | 4.0 | |
vmware | esx | 4.1 | |
vmware | esxi | 3.5 | |
vmware | esxi | 4.0 | |
vmware | esxi | 4.1 | |
vmware | fusion | 3.1 | |
vmware | fusion | 3.1.1 | |
vmware | fusion | 3.1.2 | |
vmware | player | 3.1 | |
vmware | player | 3.1.1 | |
vmware | player | 3.1.2 | |
vmware | player | 3.1.3 | |
vmware | workstation | 7.1.1 | |
vmware | workstation | 7.1.2 | |
vmware | workstation | 7.1.3 | |
freebsd | freebsd | * | |
oracle | solaris | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "73C9E205-87EE-4CE2-A252-DED7BB6D4EAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "051D820C-E5F4-4DA2-8914-5A33FCFF2D1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "69FFA61C-2258-4006-AECA-D324F5700990", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "50D2840A-5AF2-4AC4-9243-07CE93E9E9B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C158CD97-41BA-4422-9A55-B1A8650A0900", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "477D5F22-7DDD-461D-9CD1-2B2A968F6CB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C174C452-7249-4B26-9F26-DFE9B3476874", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:player:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DAA72ED8-3229-4220-BE75-712CA6E21062", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "13A31E93-7671-492E-A78F-89CF4703B04D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "99ADA116-A571-4788-8DF2-09E8A2AF92F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2818FD22-8BC5-4803-8D62-D7C7C22556F9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EC02F3-3905-460D-8949-3B26394215CA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "05924C67-F9A0-450E-A5B8-059651DD32E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\"" }, { "lang": "es", "value": "mount.vmhgfs en el Host Guest File System (HGFS) de VMware en VMware Workstation versiones 7.1.x anteriores a 7.1.4, VMware Player versiones 3.1.x anteriores a 3.1.4, VMware Fusion versiones 3.1.x anteriores a 3.1.3, VMware ESXi versiones 3.5 hasta 4.1, y VMware ESX versiones 3.0.3 hasta 4.1, cuando es utilizado un Sistema Operativo invitado de Solaris o FreeBSD, permite a los usuarios del sistema operativo invitado modificar archivos del sistema operativo invitado arbitrarios por medio de vectores no especificados, relacionados con un \"procedural error\"." } ], "id": "CVE-2011-2145", "lastModified": "2024-11-21T01:27:41.140", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-06T19:55:02.833", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/44840" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/44904" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/48098" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1025601" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815" }, { "source": "cve@mitre.org", "url": "https://hermes.opensuse.org/messages/8711677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44840" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/8711677" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-22 01:59
Modified
2024-11-21 02:31
Severity ?
Summary
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "29AC5E99-9C21-4C2E-AE68-A4B887318577", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B90C8934-01D8-4027-8A38-0B3230CC5077", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "49C89A62-69E2-40C5-9C75-FA6601A935A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "1946DDC9-E49F-4601-8448-E73B0480C880", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "E2F85560-F43E-46C5-9CD1-1A1D66E21580", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "2518D86A-623D-431E-9574-32B677D5FB94", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." }, { "lang": "es", "value": "Vulnerabilidad en la funci\u00f3n dissect_wccp2r1_address_table_info en epan/dissectors/packet-wccp.c en el WCCP dissector de Wireshark en su versi\u00f3n 1.12.x anteriores a 1.12.6 no determina adecuadamente si hay suficiente memoria disponible para almacenar cadenas de direcci\u00f3n IP, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio mediante la ca\u00edda de la aplicaci\u00f3n a trav\u00e9s de un paquete manipulado." } ], "id": "CVE-2015-4651", "lastModified": "2024-11-21T02:31:29.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-07-22T01:59:03.157", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00020.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3294" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/75317" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032662" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.wireshark.org/security/wnpa-sec-2015-19.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11153" }, { "source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=524ed1df6e6126cd63ba419ccb82c83636d77ee4" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201510-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.wireshark.org/security/wnpa-sec-2015-19.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=524ed1df6e6126cd63ba419ccb82c83636d77ee4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201510-03" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-01 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/109026 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/158092 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880743 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109026 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/158092 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880743 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.1 | |
ibm | db2 | 9.7.0.2 | |
ibm | db2 | 9.7.0.3 | |
ibm | db2 | 9.7.0.4 | |
ibm | db2 | 9.7.0.5 | |
ibm | db2 | 9.7.0.6 | |
ibm | db2 | 9.7.0.7 | |
ibm | db2 | 9.7.0.8 | |
ibm | db2 | 9.7.0.9 | |
ibm | db2 | 9.7.0.10 | |
ibm | db2 | 9.7.0.11 | |
ibm | db2 | 10.1.0.0 | |
ibm | db2 | 10.1.0.1 | |
ibm | db2 | 10.1.0.2 | |
ibm | db2 | 10.1.0.3 | |
ibm | db2 | 10.1.0.4 | |
ibm | db2 | 10.1.0.5 | |
ibm | db2 | 10.1.0.6 | |
ibm | db2 | 10.5.0.0 | |
ibm | db2 | 10.5.0.1 | |
ibm | db2 | 10.5.0.2 | |
ibm | db2 | 10.5.0.3 | |
ibm | db2 | 10.5.0.4 | |
ibm | db2 | 10.5.0.5 | |
ibm | db2 | 10.5.0.6 | |
ibm | db2 | 10.5.0.7 | |
ibm | db2 | 10.5.0.8 | |
ibm | db2 | 10.5.0.9 | |
ibm | db2 | 10.5.0.10 | |
ibm | db2 | 11.1.0.0 | |
ibm | db2 | 11.1.1.1 | |
ibm | db2 | 11.1.2.2 | |
ibm | db2 | 11.1.3.3 | |
ibm | db2 | 11.1.4.4 | |
hp | hp-ux | - | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
oracle | solaris | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "37B04412-3F3F-4918-A1DE-C99AF2EE9605", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8A8E221-7045-4BAD-9B29-ABBC5216559D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56C39DC1-AD23-4F26-9727-EC0FBDF84BEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2513D42C-E558-4CC7-88D3-BB44F1B40157", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F441BE8-AEC0-44F0-875E-03C65A45CF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "036E9715-CFAA-4F2A-B432-181EDCA3D812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A55FBA0-4DFC-493D-91EF-EB56C241F9CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B539123F-B8AC-4051-9458-A780C68E9667", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3958E50-1F97-4C06-AF22-C635FB2557A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "57AC4D14-805A-42F6-9348-D13C9A48136F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "0B54C55B-9288-4E04-B0D6-6765E5217DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AA99C5A3-D43E-4942-AE87-8DA46FCDCD47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0406EF-7EEF-4616-B1AD-A6E498FB6516", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA4086-9B5D-4352-B717-3F826DE17D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD79FF24-6C10-437B-86AF-E211B8C6FDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ABB145C-44EE-47F5-9439-DE6433F8008E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F138E08-6808-4371-9E9C-096B01126B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "813AE6CA-39B5-448C-8781-F2C3B499160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E19D90B2-0B71-498B-8428-B27950E1D2A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C577979-79CC-4DE2-8433-64595190A5E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27E1F7-888C-40EE-85FF-B5DC099828C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57DCF076-B475-41E6-B1ED-44FBC99238C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDB1972D-F7FC-4ABA-9DEE-9953D2572944", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D276299-D403-4C41-ACBF-A23383CB3FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5830263A-6970-43B8-BF08-2886327004A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F67DD01-F0E6-420E-A144-A8DD001BBBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3AA78533-899B-4482-97A7-7E2730C18C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E036B621-7EE1-41E0-AAEC-D13FCB17B2EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "5EB95E38-7A78-4798-B0E2-814DAE1153A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1B95F778-8E2B-4A6D-BA3B-254F87B492BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E17D042-0EE4-4F81-8E39-D8730D792BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "62B40593-EA0D-4134-BBA0-35DA70D3C6B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "177780EE-76F9-41D9-83C9-48C5DFCF8702", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E38BC34-066B-4B4D-929F-4E5C6BCB1442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "23910ECC-960A-44DF-BA8D-C1553D088EAF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092." }, { "lang": "es", "value": "IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.0 usa algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que permitir\u00eda que un atacante descifre informaci\u00f3n muy confidencial. ID de IBM X-Force: 158092." } ], "id": "CVE-2019-4102", "lastModified": "2024-11-21T04:43:10.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-01T15:15:12.117", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109026" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880743" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-326" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-15 15:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mariadb | mariadb | * | |
mariadb | mariadb | * | |
oracle | mysql | * | |
oracle | mysql | * | |
oracle | solaris | 11.3 | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | linux_enterprise_workstation_extension | 12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF35B328-2B85-4093-9288-2EF6043AA8DF", "versionEndExcluding": "5.5.40", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C55CD8E-8ADC-470C-9042-5C63221A2F09", "versionEndExcluding": "10.0.15", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAA995C3-9B96-4B6F-A3E9-587F8468F551", "versionEndIncluding": "5.5.39", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3E71621-9463-4E83-A99C-1D51E6352770", "versionEndIncluding": "5.6.20", "versionStartIncluding": "5.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*", "matchCriteriaId": "9DFA18B6-2642-470A-A350-68947529EE5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Oracle MySQL Server 5.5.39 y versiones anteriores y 5.6.20 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a trav\u00e9s de vectores relacionados con SERVER:OPTIMIZER." } ], "id": "CVE-2014-6469", "lastModified": "2024-11-21T02:14:27.057", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-15T15:55:08.387", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/61579" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/62073" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" }, { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/61579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/62073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70446" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-26 21:17
Modified
2024-11-21 07:27
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6857007 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6857007 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*", "matchCriteriaId": "6C43FBAC-2DD2-43CB-AC5F-56741BB2A31C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:traditional:*:*:*", "matchCriteriaId": "04523EB8-4CE0-4A44-B319-C3BB59B3B034", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nIBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.\n\n" }, { "lang": "es", "value": "El contenedor tradicional IBM WebSphere Application Server 8.5 y 9.0 utiliza claves criptogr\u00e1ficas m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n confidencial. Esto afecta s\u00f3lo a la versi\u00f3n en contenedores de WebSphere Application Server tradicional. ID de IBM X-Force: 241045." } ], "id": "CVE-2022-43917", "lastModified": "2024-11-21T07:27:21.630", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-26T21:17:49.503", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241045" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6857007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6857007" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-10 12:29
Modified
2024-11-25 18:12
Severity ?
Summary
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
twisted | twisted | * | |
fedoraproject | fedora | 29 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
oracle | zfs_storage_appliance_kit | 8.8 | |
oracle | solaris | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E158350-303B-4ECB-AF5F-E076C149980E", "versionEndExcluding": "19.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF." }, { "lang": "es", "value": "En las versiones anteriores a 19.2.1. de Twisted, twisted.web no valid\u00f3 ni sane\u00f3 los URIs o los m\u00e9todos HTTP, permitiendo que un atacante inyecte caracteres no v\u00e1lidos tales como CRLF." } ], "id": "CVE-2019-12387", "lastModified": "2024-11-25T18:12:24.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-10T12:29:00.287", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Release Notes", "Vendor Advisory" ], "url": "https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Release Notes", "Vendor Advisory" ], "url": "https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4308-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4308-2/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Release Notes", "Vendor Advisory" ], "url": "https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Release Notes", "Vendor Advisory" ], "url": "https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4308-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4308-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-24 23:59
Modified
2024-11-21 02:34
Severity ?
Summary
The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "29AC5E99-9C21-4C2E-AE68-A4B887318577", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B90C8934-01D8-4027-8A38-0B3230CC5077", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "49C89A62-69E2-40C5-9C75-FA6601A935A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "1946DDC9-E49F-4601-8448-E73B0480C880", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "E2F85560-F43E-46C5-9CD1-1A1D66E21580", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "2518D86A-623D-431E-9574-32B677D5FB94", "vulnerable": true }, { "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "FEA2B085-01D2-4707-A9F7-6545E4D6D99A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." }, { "lang": "es", "value": "Vulnerabilidad en la funci\u00f3n dissect_wa_payload en epan/dissectors/packet-waveagent.c en el disector WaveAgent en Wireshark 1.12.x en versiones anteriores a 1.12.7, no maneja adecuadamente los valores de etiqueta grandes, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un paquete manipulado." } ], "id": "CVE-2015-6246", "lastModified": "2024-11-21T02:34:37.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-08-24T23:59:06.443", "references": [ { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3367" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76381" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1033272" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.wireshark.org/security/wnpa-sec-2015-26.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11358" }, { "source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5523726e6960fe9d7e301376fd7a94599f65fd42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.wireshark.org/security/wnpa-sec-2015-26.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5523726e6960fe9d7e301376fd7a94599f65fd42" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-14 22:59
Modified
2024-11-21 02:42
Severity ?
Summary
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | linux | 7 | |
oracle | solaris | 11.3 | |
openbsd | openssh | 5.4 | |
openbsd | openssh | 5.4 | |
openbsd | openssh | 5.5 | |
openbsd | openssh | 5.5 | |
openbsd | openssh | 5.6 | |
openbsd | openssh | 5.6 | |
openbsd | openssh | 5.7 | |
openbsd | openssh | 5.7 | |
openbsd | openssh | 5.8 | |
openbsd | openssh | 5.8 | |
openbsd | openssh | 5.9 | |
openbsd | openssh | 5.9 | |
openbsd | openssh | 6.0 | |
openbsd | openssh | 6.0 | |
openbsd | openssh | 6.1 | |
openbsd | openssh | 6.1 | |
openbsd | openssh | 6.2 | |
openbsd | openssh | 6.2 | |
openbsd | openssh | 6.2 | |
openbsd | openssh | 6.3 | |
openbsd | openssh | 6.3 | |
openbsd | openssh | 6.4 | |
openbsd | openssh | 6.4 | |
openbsd | openssh | 6.5 | |
openbsd | openssh | 6.5 | |
openbsd | openssh | 6.6 | |
openbsd | openssh | 6.6 | |
openbsd | openssh | 6.7 | |
openbsd | openssh | 6.7 | |
openbsd | openssh | 6.8 | |
openbsd | openssh | 6.8 | |
openbsd | openssh | 6.9 | |
openbsd | openssh | 6.9 | |
openbsd | openssh | 7.0 | |
openbsd | openssh | 7.0 | |
openbsd | openssh | 7.1 | |
openbsd | openssh | 7.1 | |
apple | mac_os_x | * | |
apple | mac_os_x | * | |
apple | mac_os_x | * | |
hp | virtual_customer_access_system | * | |
sophos | unified_threat_management_software | 9.353 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*", "matchCriteriaId": "AA9D704A-D1E7-4989-9136-1EAD72EF6BE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*", "matchCriteriaId": "78735121-6BA0-4158-B3D5-E4BACCA5E95A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*", "matchCriteriaId": "270BABBA-70A8-4FC7-962D-0D0D40F4497F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*", "matchCriteriaId": "A710EC9F-1352-4DF0-B1CF-9C51ACB078CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "DA4F797B-8E2C-41AC-AA29-D6B50A539B2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*", "matchCriteriaId": "7F482203-0CF1-403C-A25C-9B0DA24F6282", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "1E74684E-71D3-4458-A8BA-5248982273F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*", "matchCriteriaId": "9F3D478C-221F-4A07-8520-CD8856A75DCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*", "matchCriteriaId": "B018B05B-1311-4E0F-A9D0-620C1BF904A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*", "matchCriteriaId": "728372F8-6561-473D-B54D-1DB41DA1CF55", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*", "matchCriteriaId": "11BDA49F-C3E7-4D32-8105-E75525BFB2D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*", "matchCriteriaId": "CE153B9F-721D-42ED-A662-C2597B7BF073", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*", "matchCriteriaId": "254243DD-2E3E-48ED-A92C-8F4FD405DA57", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*", "matchCriteriaId": "BCF734D8-1F01-498C-A917-5B528BFD9CAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*", "matchCriteriaId": "492F661C-45E4-4B9B-AD26-1873D91DBEA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "546EB570-C2AC-473B-BED8-C47167D2593A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*", "matchCriteriaId": "CA2C8269-9C66-4E41-A56C-ACC709DC2053", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "64382F2C-15AC-41FE-A936-CEB44C1AFB9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*", "matchCriteriaId": "20B099B9-3D7E-47A4-94A5-B89759189D26", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "65A8629A-CFAE-4403-BEE7-622912483702", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "matchCriteriaId": "50836FA3-8116-4D58-B73E-B4830FB3A551", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "D0607649-62FE-41CB-9444-53CD9C5B67C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "matchCriteriaId": "3397D8DC-3410-401F-8854-BFCC35AD6686", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B0FB8D5-75CB-4691-AB9F-B4FA46973421", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "matchCriteriaId": "42DCED2D-76C5-49D1-A72D-E578CF686F5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "67E1B240-BD86-41D3-BAC1-96005CB31DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "matchCriteriaId": "4BFC8587-FB9E-4FE2-B725-81CE3CE590F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A5FFEDD-1D4A-42A1-964A-88696925859A", "versionEndIncluding": "10.9.5", "versionStartIncluding": "10.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E4E9ED2-42E1-47F3-AFB4-C92A4E4FB554", "versionEndIncluding": "10.10.5", "versionStartIncluding": "10.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "2461051C-EB76-4022-8BBC-B3D26635240B", "versionEndIncluding": "10.11.3", "versionStartIncluding": "10.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "58F4BE0A-DBE6-45F7-9FA6-6A0BE2566631", "versionEndIncluding": "15.07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*", "matchCriteriaId": "9857D3A8-7942-4624-B3D6-9943D34030B8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings." }, { "lang": "es", "value": "Las funciones (1) roaming_read y (2) roaming_write en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2, cuando ciertas opciones proxy y forward se encuentran habilitadas, no mantiene adecuadamente los descriptores de archivo de conexi\u00f3n, lo que permite a servidores remotos causar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en memoria din\u00e1mica) o posiblemente tener otro impacto no especificado mediante la petici\u00f3n de varios reenv\u00edos." } ], "id": "CVE-2016-0778", "lastModified": "2024-11-21T02:42:21.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-14T22:59:02.280", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Release Notes", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2016/Jan/44" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3446" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "http://www.openssh.com/txt/release-7.1p2" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Technical Description", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/80698" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034671" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2869-1" }, { "source": "secalert@redhat.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "source": "secalert@redhat.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bto.bluecoat.com/security-advisory/sa109" }, { "source": "secalert@redhat.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201601-01" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Release Notes", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2016/Jan/44" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "http://www.openssh.com/txt/release-7.1p2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Technical Description", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/80698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2869-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bto.bluecoat.com/security-advisory/sa109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201601-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/HT206167" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-27 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
broadcom | ca_workload_automation_ae | 11.0 | |
broadcom | ca_workload_automation_ae | 11.3 | |
broadcom | ca_workload_automation_ae | 11.3.5 | |
broadcom | ca_workload_automation_ae | 11.3.6 | |
broadcom | client_automation | 12.8 | |
broadcom | client_automation | 12.9 | |
broadcom | client_automation | 14.0 | |
broadcom | systemedge | 5.8.2 | |
broadcom | systemedge | 5.9 | |
broadcom | systems_performance_for_infrastructure_managers | 12.8 | |
broadcom | systems_performance_for_infrastructure_managers | 12.9 | |
ca | universal_job_management_agent | 11.2 | |
ca | virtual_assurance_for_infrastructure_managers | 12.8 | |
ca | virtual_assurance_for_infrastructure_managers | 12.9 | |
hp | hp-ux | * | |
ibm | aix | * | |
linux | linux_kernel | * | |
oracle | solaris | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:ca_workload_automation_ae:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACC707BC-3838-4020-9C96-A70588C72174", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2F5DC90-D003-4578-8057-41E14B48B955", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9F7FAAA-D5BB-4EB2-A461-5791E83FC841", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "A211A974-F62C-4FDB-BCFA-014FAF6034A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:client_automation:12.8:*:*:*:*:*:*:*", "matchCriteriaId": "04C3CC5B-ABA3-4983-804D-9750407F843B", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:client_automation:12.9:*:*:*:*:*:*:*", "matchCriteriaId": "22DB3489-2FDD-4781-87C4-65DB7BAC0F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:client_automation:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "48505905-DB88-428F-B3D7-929EA2321F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:systemedge:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "30E64970-338B-4AE7-9EA1-54D6A6241DC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:systemedge:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "CB89C4C3-4964-4D65-AC8C-58E998D1E1EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*", "matchCriteriaId": "703F0FDD-D2BE-4E1B-893B-223985668A5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*", "matchCriteriaId": "E793CCF3-5CFB-4670-9C1E-46FCD0738994", "vulnerable": true }, { "criteria": "cpe:2.3:a:ca:universal_job_management_agent:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CA05936-4D9F-4D3D-B2AF-48AB986EB2EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*", "matchCriteriaId": "99DD6651-7B25-4FA6-B579-932FB77BF3CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*", "matchCriteriaId": "EC386DBF-5C12-4710-B79F-D8FF7AA13115", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "05924C67-F9A0-450E-A5B8-059651DD32E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation." }, { "lang": "es", "value": "El programa casrvc en CA Common Services, tal como se usa en CA Client Automation 12.8, 12.9, y 14.0; CA SystemEDGE 5.8.2 y 5.9; CA Systems Performance for Infrastructure Managers 12.8 y 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 y 12.9; CA Workload Automation AE 11, 11.3, 11.3.5 y 11.3.6 en AIX, HP-UX, Linux y Solaris permite a usuarios locales modificar archivos arbitrarios y consecuentemente obtener privilegios de root a trav\u00e9s de vectores relacionados con validaci\u00f3n insuficiente." } ], "id": "CVE-2016-9795", "lastModified": "2024-11-21T03:01:44.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-27T22:59:02.100", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/540062/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95819" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037730" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/540062/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1037730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21995037 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/95128 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21995037 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95128 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | license_metric_tool | 9.2.0 | |
hp | hp-ux | * | |
ibm | aix | * | |
linux | linux_kernel | * | |
microsoft | windows | * | |
oracle | solaris | * | |
ibm | bigfix_inventory | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A9465A8-0C19-40C5-ADEB-B0EE8EC964CE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "05924C67-F9A0-450E-A5B8-059651DD32E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:bigfix_inventory:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8C15EB9-71EE-4096-9D08-F3061A81AACA", "versionEndIncluding": "9.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim." }, { "lang": "es", "value": "IBM BigFix Inventory v9 podr\u00eda permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redirecci\u00f3n abierto. Persuadiendo a una v\u00edctima para que visite una web especialmente manipulada, un atacante remoto podr\u00eda explotar esta vulnerabilidad para falsificar la URL mostrada para redirigir a un usuario a un sitio web malicioso que parecer\u00eda ser de confianza. Esto podr\u00eda permitir al atacante obtener informaci\u00f3n altamente sensible o realizar nuevos ataques contra la v\u00edctima." } ], "id": "CVE-2016-8961", "lastModified": "2024-11-21T03:00:22.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-01T20:59:03.020", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995037" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95128" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-26 15:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192025 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6408244 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192025 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6408244 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | websphere_application_server | * | |
ibm | websphere_application_server | * | |
ibm | websphere_application_server | * | |
ibm | websphere_application_server | * | |
hp | hp-ux | - | |
ibm | aix | - | |
ibm | i | - | |
ibm | z\/os | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
oracle | solaris | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FBC4C46-A044-4A5C-80EF-2BCBF9351CEB", "versionEndIncluding": "7.0.0.45", "versionStartIncluding": "7.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "E596AE8A-34AD-43F3-A97E-DC79CE517C8B", "versionEndIncluding": "8.0.0.15", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "382E5CBC-38E3-4F5C-8110-CA35E92DC943", "versionEndIncluding": "8.5.5.18", "versionStartIncluding": "8.5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F390039E-A164-4AFF-8C63-0ED129F17C04", "versionEndIncluding": "9.0.5.6", "versionStartIncluding": "9.0.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025." }, { "lang": "es", "value": "IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) al procesar datos XML.\u0026#xa0;Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria.\u0026#xa0;IBM X-Force ID: 192025" } ], "id": "CVE-2020-4949", "lastModified": "2024-11-21T05:33:27.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-26T15:15:13.493", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192025" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6408244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6408244" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-14 10:59
Modified
2024-11-21 02:27
Severity ?
Summary
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
novell | suse_linux_enterprise_software_development_kit | 12.0 | |
novell | suse_linux_enterprise_desktop | 12.0 | |
novell | suse_linux_enterprise_server | 12.0 | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 | |
mozilla | thunderbird | * | |
oracle | solaris | 11.3 | |
mozilla | firefox | 31.0 | |
mozilla | firefox | 31.1.0 | |
mozilla | firefox | 31.1.1 | |
mozilla | firefox | 31.3.0 | |
mozilla | firefox | 31.5.1 | |
mozilla | firefox | 31.5.2 | |
mozilla | firefox | 31.5.3 | |
mozilla | firefox_esr | 31.1 | |
mozilla | firefox_esr | 31.2 | |
mozilla | firefox_esr | 31.3 | |
mozilla | firefox_esr | 31.4 | |
mozilla | firefox_esr | 31.5 | |
mozilla | firefox_esr | 31.6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CF7EA41-388C-43CA-82A3-BBED9947CD49", "versionEndIncluding": "37.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "336EC5B8-6FD8-42BB-9530-58A15238CEE1", "vulnerable": true }, { "criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA04C9F1-6257-4D82-BA0B-37DE66D94736", "vulnerable": true }, { "criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC3823E9-1BAA-4402-95E2-7AF5B793DEBE", "versionEndIncluding": "31.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "84E8D7C7-B578-4623-9EA2-D13965DBE1F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3E5D043-71F8-4A61-BEA4-176153E26FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "51CBE0A9-1D05-4F88-B5B5-1592D4A4687E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "902BF23B-C1B9-41F2-BF5D-C1722C3DBFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:31.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "60521E93-3495-40F7-AA72-EE531F8FA09D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D7AAC77-57A3-4747-B760-0EE3CD53E4DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DCA6959-24B7-4F86-BE25-0A8A7C1A3D13", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*", "matchCriteriaId": "697EA344-F982-4E9F-9EC8-CCCB5829582B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*", "matchCriteriaId": "61304847-1DC8-442C-8194-28E52B3C1293", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*", "matchCriteriaId": "8DF9724E-93B2-4BC7-8181-6D9521A6CC37", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAF8682-9B5E-4DE7-AEB0-71D5E4E6E01C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283." }, { "lang": "es", "value": "Desbordamiento de buffer en el analizador XML en Mozilla Firefox en versiones anteriores a 38.0, Firefox ESR 31.x en versiones anteriores a 31.7 y Thunderbird en versiones anteriores a 31.7 permite a atacantes remotos ejecutar c\u00f3digo arbitrario proporcionando una gran cantidad de datos XML comprimidos, un problema relacionado con CVE-2015-1283." } ], "id": "CVE-2015-2716", "lastModified": "2024-11-21T02:27:54.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-05-14T10:59:09.117", "references": [ { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html" }, { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html" }, { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html" }, { "source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html" }, { "source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html" }, { "source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3260" }, { "source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3264" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/74611" }, { "source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2602-1" }, { "source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2603-1" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537" }, { "source": "security@mozilla.org", "url": "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c" }, { "source": "security@mozilla.org", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365" }, { "source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201605-06" }, { "source": "security@mozilla.org", "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7" }, { "source": "security@mozilla.org", "url": "https://www.tenable.com/security/tns-2016-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0988.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2602-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2603-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201605-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tenable.com/security/tns-2016-20" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-20 16:59
Modified
2024-11-21 02:32
Severity ?
Summary
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openstack | orchestration_api | * | |
openstack | orchestration_api | * | |
redhat | openstack | 7.0 | |
fedoraproject | fedora | 23 | |
oracle | solaris | 11.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:orchestration_api:*:*:*:*:*:*:*:*", "matchCriteriaId": "8062966E-5693-4940-A6CC-5031B6A5719E", "versionEndExcluding": "5.0.1", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:orchestration_api:*:*:*:*:*:*:*:*", "matchCriteriaId": "C75BAD38-70DD-4B13-A3A8-AEA14F77808D", "versionEndExcluding": "2015.1.3", "versionStartIncluding": "2015.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero." }, { "lang": "es", "value": "El comando template-validate en OpenStack Orchestration API (Heat) en versiones anteriores a 2015.1.3 (kilo) y 5.0.x en versiones anteriores a 5.0.1 (liberty) permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de memoria) o determinar la existencia de archivos locales a trav\u00e9s del tipo de recurso en una plantilla, seg\u00fan lo demostrado por el archivo:///dev/zero." } ], "id": "CVE-2015-5295", "lastModified": "2024-11-21T02:32:43.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-20T16:59:00.113", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176700.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0266.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/81438" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/heat/+bug/1496277" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://security.openstack.org/ossa/OSSA-2016-003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176700.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0266.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/81438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/heat/+bug/1496277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.openstack.org/ossa/OSSA-2016-003.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-21 11:00
Modified
2024-11-21 02:50
Severity ?
Summary
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.
References
▼ | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | Patch, Vendor Advisory | |
secalert_us@oracle.com | http://www.securitytracker.com/id/1035629 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035629 | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar la disponibilidad a trav\u00e9s de vectores relacionados con ZFS." } ], "id": "CVE-2016-3465", "lastModified": "2024-11-21T02:50:03.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-21T11:00:43.980", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1035629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1035629" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).
References
▼ | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
secalert_us@oracle.com | http://www.securityfocus.com/bid/102613 | Third Party Advisory, VDB Entry | |
secalert_us@oracle.com | http://www.securitytracker.com/id/1040215 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102613 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040215 | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC633250-EB1E-4484-9BCB-977C8F9EB0B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Solaris de Oracle Sun Systems Products Suite (subcomponente: SPARC Platform). Las versiones compatibles que se han visto afectadas son la 10 y la 11.3. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios que tenga permisos de inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Solaris comprometa la seguridad de Solaris. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de datos confidenciales o de todos los datos accesibles de Solaris, as\u00ed como el acceso sin autorizaci\u00f3n a datos confidenciales o todos los datos accesibles de Solaris. CVSS 3.0 Base Score 6.6 (impactos de confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)." } ], "id": "CVE-2018-2717", "lastModified": "2024-11-21T04:04:19.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-18T02:29:24.773", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102613" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040215" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-16 01:59
Modified
2024-11-21 02:31
Severity ?
Summary
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "40AB4FC4-00EA-4C4E-81D8-170BD068B28B", "versionEndIncluding": "39.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*", "matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object." }, { "lang": "es", "value": "Vulnerabilidad en la funci\u00f3n js::jit::AssemblerX86Shared::lock_addl en la implementaci\u00f3n de JavaScript en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante del aprovechamiento del uso memoria compartida y el acceso (1) a un objeto Atomics o (2) a un objeto SharedArrayBuffer." } ], "id": "CVE-2015-4484", "lastModified": "2024-11-21T02:31:10.377", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-16T01:59:12.050", "references": [ { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" }, { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" }, { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" }, { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" }, { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" }, { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" }, { "source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html" }, { "source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3333" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-87.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1033247" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2702-1" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2702-2" }, { "source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2702-3" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1171540" }, { "source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201605-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-87.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2702-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2702-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2702-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1171540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201605-06" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-14 02:00
Modified
2024-11-21 01:18
Severity ?
Summary
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device Drivers.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:opensolaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D7F3547-5085-43B2-8179-4AC23F4A9CE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*", "matchCriteriaId": "4F864AD7-53A2-4225-870F-062876CE45DD", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device Drivers." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Oracle Solaris v9 y v10, y OpenSolaris, permite a usuarios locales afectar a la integridad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Device Drivers." } ], "id": "CVE-2010-3513", "lastModified": "2024-11-21T01:18:54.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 1.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-14T02:00:03.180", "references": [ { "source": "secalert_us@oracle.com", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:53
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:10.5.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "522925FD-12E1-4F2A-9036-58B630EBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "112E9B7F-FA07-4B44-9EAE-2CB1121EA33F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*", "matchCriteriaId": "2788AA73-3346-4454-948E-9C1556DDDEBA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516." } ], "id": "CVE-2023-27868", "lastModified": "2024-11-21T07:53:36.427", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-10T16:15:50.127", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249516" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230803-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010029" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-18 13:29
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC633250-EB1E-4484-9BCB-977C8F9EB0B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Solaris de Oracle Sun Systems Products Suite (subcomponente: Availability Suite Service). Las versiones soportadas que se han visto afectadas son la 10 y la 11.3. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios que tenga permisos de inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Solaris comprometa la seguridad de Solaris. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Solaris. CVSS 3.0 Base Score 7.8 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." } ], "id": "CVE-2018-2892", "lastModified": "2024-11-21T04:04:41.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-18T13:29:00.570", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/104799" }, { "source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1041303" }, { "source": "secalert_us@oracle.com", "url": "https://www.exploit-db.com/exploits/45126/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/104799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1041303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/45126/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-03 10:55
Modified
2024-11-21 02:04
Severity ?
Summary
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "CCE4D64E-8C4B-4F21-A9B0-90637C85C1D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D8AEBE9-C88E-47F0-8ACC-18DADFD571A0", "versionEndIncluding": "31.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "matchCriteriaId": "38EBC9E7-46AD-4DCD-AA7B-5071F55E3755", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*", "matchCriteriaId": "707DE052-DE3E-4FC3-994C-52FF7B5373C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection." }, { "lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n mozilla::DOMSVGLength::GetTearOff en Mozilla Firefox anterior a 32.0, Firefox ESR 31.x anterior a 31.1 y Thunderbird 31.x anterior a 31.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria din\u00e1mica) a trav\u00e9s de una animaci\u00f3n SVG con interacci\u00f3n DOM que provoca la recolecci\u00f3n incorrecta de ciclos." } ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\" target=\"_blank\"\u003eCWE-416: Use After Free\u003c/a\u003e", "id": "CVE-2014-1563", "lastModified": "2024-11-21T02:04:35.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-03T10:55:06.590", "references": [ { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" }, { "source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html" }, { "source": "security@mozilla.org", "url": "http://secunia.com/advisories/60148" }, { "source": "security@mozilla.org", "url": "http://secunia.com/advisories/61114" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-68.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/69523" }, { "source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1030793" }, { "source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1030794" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1018524" }, { "source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201504-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-68.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1018524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201504-01" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21995013 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/95141 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21995013 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95141 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | license_metric_tool | 9.2.0 | |
hp | hp-ux | * | |
ibm | aix | * | |
linux | linux_kernel | * | |
microsoft | windows | * | |
oracle | solaris | * | |
ibm | bigfix_inventory | 9.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A9465A8-0C19-40C5-ADEB-B0EE8EC964CE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "05924C67-F9A0-450E-A5B8-059651DD32E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "756EF6F6-8E1F-41BB-9A88-C12A6806F0D0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources." }, { "lang": "es", "value": "IBM BigFix Inventory v9 es vulnerable a una denegaci\u00f3n de servicio, provocada por un error XML Entity Injection (XXE) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n altamente sensible o consumir todos los recursos de memoria disponibles." } ], "id": "CVE-2016-8980", "lastModified": "2024-11-21T03:00:24.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-01T20:59:03.097", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995013" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95141" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-28 19:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/166629 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1106517 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/166629 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1106517 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:*:*:*:*", "matchCriteriaId": "307594DE-42ED-4BCA-9E0B-E8ECA97DB799", "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:mq:*:*:*:*:lts:*:*:*", "matchCriteriaId": "8455D1E8-4FF2-40B1-AE62-453218308BFA", "versionEndExcluding": "9.0.0.8", "versionStartIncluding": "9.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "540183D8-751B-4442-9A2A-95D26AB8D23B", "versionEndExcluding": "8.0.0.14", "versionStartIncluding": "8.0.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629." }, { "lang": "es", "value": "IBM MQ e IBM MQ Appliance versiones 8.0 y 9.0 LTS, podr\u00edan permitir a un atacante remoto con un conocimiento \u00edntimo del servidor causar una denegaci\u00f3n de servicio cuando son recibidos datos en el canal. ID de IBM X-Force: 166629." } ], "id": "CVE-2019-4568", "lastModified": "2024-11-21T04:43:45.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-28T19:15:13.017", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1106517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1106517" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-19 04:50
Modified
2024-11-21 01:59
Severity ?
Summary
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
chrome | * | ||
oracle | solaris | 11.3 | |
artifex | gpl_ghostscript | * | |
libjpeg-turbo | libjpeg-turbo | * | |
fedoraproject | fedora | 18 | |
fedoraproject | fedora | 19 | |
fedoraproject | fedora | 20 | |
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 12.3 | |
opensuse | opensuse | 13.1 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
canonical | ubuntu_linux | 13.04 | |
canonical | ubuntu_linux | 13.10 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
mozilla | firefox | * | |
mozilla | firefox_esr | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AC57EF9-A495-423F-AD0D-2425218CC1C4", "versionEndExcluding": "31.0.1650.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "48EA0775-5691-4AF4-8C0C-2E0E0CF435D0", "versionEndExcluding": "9.03", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", "matchCriteriaId": "032082CC-42FC-458A-9F96-1D16BAABDDF0", "versionEndExcluding": "1.3.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "50A3A702-C2B1-4311-9EBC-D62079E3DCD5", "versionEndExcluding": "26.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9F9FD5D-37C7-4FEC-8BA9-A630C5FC4CDD", "versionEndExcluding": "24.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D337932C-EF9D-4511-87DB-54262C6635D9", "versionEndExcluding": "2.23", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "60375410-A29A-427B-B090-F0E131EC08B5", "versionEndExcluding": "24.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image." }, { "lang": "es", "value": "La funci\u00f3n get_sos de jdmarker.c en libjpeg 6b y libjpeg-turbo hasta la versi\u00f3n 1.3.0, tal y como se usa en Google Chrome anterior a la versi\u00f3n 31.0.1650.48, Ghostscript y otros productos, no comprueba ciertas duplicaciones de datos de componentes durante la lectura de segmentos que siguen marcadores Start Of Scan (SOS), lo que permite a atacantes remotos obtener informaci\u00f3n sensible desde localizaciones de memoria sin inicializar a trav\u00e9s de una imagen JPEG manipulada." } ], "id": "CVE-2013-6629", "lastModified": "2024-11-21T01:59:23.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-19T04:50:56.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2013-0333.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://bugs.ghostscript.com/show_bug.cgi?id=686980" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1803.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1804.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/56175" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/58974" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/59058" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6150" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6162" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6163" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2799" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:273" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/63676" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029470" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029476" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2052-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2053-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2060-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=891693" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://code.google.com/p/chromium/issues/detail?id=258723" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201606-03" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://src.chromium.org/viewvc/chrome?revision=229729\u0026view=revision" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg21675973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2013-0333.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://bugs.ghostscript.com/show_bug.cgi?id=686980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1803.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1804.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/56175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/58974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/59058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT6163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/63676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2052-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2053-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2060-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=891693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://code.google.com/p/chromium/issues/detail?id=258723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201606-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://src.chromium.org/viewvc/chrome?revision=229729\u0026view=revision" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg21675973" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-13 21:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 9.7.0.0 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.1 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 10.5 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.1 | |
ibm | db2 | 11.5 | |
ibm | db2 | 11.5 | |
ibm | db2 | 11.5 | |
hp | hp-ux | - | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
oracle | solaris | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:linux:*:*", "matchCriteriaId": "B086C74D-FD81-4032-9F70-290CE183B0E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:unix:*:*", "matchCriteriaId": "78D395FE-473A-44D1-A2E5-451111B36255", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:windows:*:*", "matchCriteriaId": "316E63FD-A22E-42DC-BF9F-DA0B932C3384", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:linux:*:*", "matchCriteriaId": "719EC236-1B9A-4D32-AE10-E092AA0673FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:unix:*:*", "matchCriteriaId": "837A367A-5376-402B-8584-F1D93392AC04", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:windows:*:*", "matchCriteriaId": "34F92819-22F3-451A-94D8-1112D426BD17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979." }, { "lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una divulgaci\u00f3n de informaci\u00f3n en algunos escenarios debido a un acceso no autorizado causado por una administraci\u00f3n de privilegios inapropiada cuando es usado el comando CREATE OR REPLACE. IBM X-Force ID: 225979" } ], "id": "CVE-2022-22483", "lastModified": "2024-11-21T06:46:52.733", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-13T21:15:09.107", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979" }, { "source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230921-0004/" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6618779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230921-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6618779" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-30 16:15
Modified
2024-11-21 05:46
Severity ?
Summary
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/198366 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6448568 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/198366 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6448568 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366." }, { "lang": "es", "value": "IBM Informix Dynamic Server versi\u00f3n 14.10, es vulnerable a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, causado por una comprobaci\u00f3n de l\u00edmites inapropiada.\u0026#xa0;Un usuario privilegiado local podr\u00eda desbordar un b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema o causar una condici\u00f3n de denegaci\u00f3n de servicio.\u0026#xa0; IBM X-Force ID: 198366." } ], "id": "CVE-2021-20515", "lastModified": "2024-11-21T05:46:42.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-30T16:15:07.587", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6448568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6448568" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-30 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/201095 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6484681 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6484685 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/201095 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6484681 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6484685 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | sterling_external_authentication_server | 2.4.3.2 | |
ibm | sterling_external_authentication_server | 6.0.1.0 | |
ibm | sterling_external_authentication_server | 6.0.2.0 | |
ibm | sterling_secure_proxy | 3.4.3.2 | |
ibm | sterling_secure_proxy | 6.0.1 | |
ibm | sterling_secure_proxy | 6.0.2 | |
hp | hp-ux | - | |
ibm | aix | - | |
ibm | linux_on_ibm_z | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
oracle | solaris | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:sterling_external_authentication_server:2.4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "36EA9E71-6071-4461-9084-61DBFA9563EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_external_authentication_server:6.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4299C0FA-56DD-4577-8247-35BB68E5B754", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_external_authentication_server:6.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "41BDBD94-2DF8-48AC-9B26-2E72C9788385", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:3.4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C577B025-AAD0-425B-A5D1-754D45904D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "93E61906-5B5D-4C82-8132-B537F8538957", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_secure_proxy:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2092419E-7646-489D-941A-8501411C5AE9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095." }, { "lang": "es", "value": "IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, usa algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. IBM X-Force ID: 201095." } ], "id": "CVE-2021-29722", "lastModified": "2024-11-21T06:01:41.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-30T17:15:07.413", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201095" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6484681" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6484685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6484681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6484685" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-14 02:00
Modified
2024-11-21 01:18
Severity ?
Summary
Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:opensolaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D7F3547-5085-43B2-8179-4AC23F4A9CE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*", "matchCriteriaId": "4F864AD7-53A2-4225-870F-062876CE45DD", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver." }, { "lang": "es", "value": "Vulnerabilidad no especificada en el componente de Solaris, en Oracle Solaris v9 y v10, y OpenSolaris, permite a usuarios locales afectar la disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Kernel/Disk Driver." } ], "id": "CVE-2010-3515", "lastModified": "2024-11-21T01:18:54.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-14T02:00:03.260", "references": [ { "source": "secalert_us@oracle.com", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-14 16:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/176606 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6208041 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/176606 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6208041 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "741A91A5-9394-4951-8D24-DD6F144E3C8F", "versionEndIncluding": "5.2.6.5_1", "versionStartIncluding": "5.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "B96C8437-56A8-4B0A-8339-5FFBCE070243", "versionEndIncluding": "6.0.3.1", "versionStartIncluding": "6.0.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*", "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606." }, { "lang": "es", "value": "IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1, podr\u00eda exponer informaci\u00f3n confidencial a un usuario por medio de una petici\u00f3n HTTP especialmente dise\u00f1ada. IBM X-Force ID: 176606." } ], "id": "CVE-2020-4299", "lastModified": "2024-11-21T05:32:32.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-14T16:15:15.327", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176606" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6208041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6208041" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-02-08 11:59
Modified
2024-11-21 02:21
Severity ?
Summary
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | solaris | 10.0 | |
oracle | solaris | 11.2 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 | |
canonical | ubuntu_linux | 15.04 | |
fedoraproject | fedora | 20 | |
fedoraproject | fedora | 21 | |
freetype | freetype | * | |
debian | debian_linux | 7.0 | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_hpc_node | 6 | |
redhat | enterprise_linux_hpc_node | 7.0 | |
redhat | enterprise_linux_hpc_node_eus | 7.1 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_eus | 6.6.z | |
redhat | enterprise_linux_server_eus | 7.1 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC633250-EB1E-4484-9BCB-977C8F9EB0B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "matchCriteriaId": "05EE9A32-E91F-4C68-B3A9-AC5AB35C2BB3", "versionEndIncluding": "2.5.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*", "matchCriteriaId": "8CDFD93B-693D-46DC-9C39-FDECB3E619E8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*", "matchCriteriaId": "3FB4F7C3-1521-42B6-9820-15C2B156BAD6", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font." }, { "lang": "es", "value": "La funci\u00f3n tt_face_load_kern en sfnt/ttkern.c en FreeType anterior a 2.5.4 fuerza una longitud de tabla m\u00ednima incorrecta, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a trav\u00e9s de una fuente TrueType manipulada." } ], "id": "CVE-2014-9658", "lastModified": "2024-11-21T02:21:21.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-02-08T11:59:20.647", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2015-0083.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://code.google.com/p/google-security-research/issues/detail?id=194" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3188" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72986" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2510-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2739-1" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201503-05" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2015-0083.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://code.google.com/p/google-security-research/issues/detail?id=194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2510-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2739-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201503-05" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2024-11-21 02:53
Severity ?
Summary
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ntp | ntp | * | |
ntp | ntp | * | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
oracle | solaris | 10 | |
oracle | solaris | 11.3 | |
suse | manager | 2.1 | |
suse | manager_proxy | 2.1 | |
suse | openstack_cloud | 5 | |
opensuse | leap | 42.1 | |
opensuse | opensuse | 13.2 | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 12 | |
siemens | simatic_net_cp_443-1_opc_ua_firmware | * | |
siemens | simatic_net_cp_443-1_opc_ua | - | |
siemens | tim_4r-ie_firmware | * | |
siemens | tim_4r-ie | - | |
siemens | tim_4r-ie_dnp3_firmware | * | |
siemens | tim_4r-ie_dnp3 |