Vulnerabilites related to pyyaml - libyaml
var-201404-0592
Vulnerability from variot

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input. Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. Versions prior to LibYAML 0.1.6 are vulnerable. HP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for the following firmware versions:

671H_GS00601 665H_GS12501 663H_GS04601

HP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in 655H firmware versions:

655H_GS10201

HP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. If the library firmware cannot be updated, HP recommends following the Mitigation Instructions below.

Mitigation Instructions

The following configuration options that allow access to the Heartbeat function in the vulnerable versions of OpenSSL are not enabled by default. Verify that the following options are "disabled" using the Tape Library GUI:

Product Configuration Options to Disable TLS Heartbeat Functions

Secure SMI-S CVTL User

Note: Disabling these features blocks the vulnerable OpenSSL function in both the ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape Drives. The basic functionality of the library is not affected by these configuration changes and SSL access to the user interface is not affected by this configuration change or setting. vulnerability was detected in specific OpenSSL versions. vulnerability.

NOTE: The .Heartbleed. A new version of the CloudSystem Foundation component is provided, specified as version 8.01. All other CloudSystem download files remain at version 8.0. The combination of these files available at the link below make up the overall CloudSystem solution. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Multiple Vulnerabilities in Cisco TelePresence System MXP Series

Advisory ID: cisco-sa-20140430-mxp

Revision 1.0

For Public Release 2014 April 30 16:00 UTC (GMT)

Summary

Cisco TelePresence System MXP Series Software contains the following vulnerabilities: Three SIP denial of service vulnerabilities Three H.225 denial of service vulnerabilities

Successful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected system to reload. There are no workarounds that mitigate these vulnerabilities. ============================================================================ Ubuntu Security Notice USN-2165-1 April 07, 2014

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary:

OpenSSL could be made to expose sensitive information over the network, possibly including private keys.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160)

Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2

Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12

After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them.

References: http://www.ubuntu.com/usn/usn-2165-1 CVE-2014-0076, CVE-2014-0160

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2 https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12 . Please see the table below. To obtain the updated firmware, follow the below steps to obtain the firmware Update. Obtain the firmware update from www.hp.com/go/support

Select "Drivers & Downloads". Enter the product name listed in the table below into the search field. Click on "Go". Click on the appropriate product. Under "Select operating system" select any Windows operating system from the list. Select the appropriate firmware update under "Firmware". This bulletin will be revised when the software updates are released.

Until the software updates are available, HP recommends restricting administrative access to the MSA on a secure and isolated private management network. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-11

                                        http://security.gentoo.org/

Severity: Normal Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities Date: December 12, 2014 Bugs: #196865, #335508, #483632, #508322 ID: 201412-11

Synopsis

Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code.

Background

AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 app-emulation/emul-linux-x86-baselibs < 20140406-r1 >= 20140406-r1

Description

Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All users of the AMD64 x86 emulation base libraries should upgrade to the latest version:

# emerge --sync # emerge -1av ">=app-emulation/emul-linux-x86-baselibs-20140406-r1"

NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.

References

[ 1 ] CVE-2007-0720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720 [ 2 ] CVE-2007-1536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536 [ 3 ] CVE-2007-2026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026 [ 4 ] CVE-2007-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445 [ 5 ] CVE-2007-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741 [ 6 ] CVE-2007-3108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108 [ 7 ] CVE-2007-4995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995 [ 8 ] CVE-2007-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116 [ 9 ] CVE-2007-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 [ 10 ] CVE-2007-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266 [ 11 ] CVE-2007-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268 [ 12 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 13 ] CVE-2007-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849 [ 14 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 15 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338 [ 16 ] CVE-2013-0339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339 [ 17 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664 [ 18 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969 [ 19 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 20 ] CVE-2014-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following:

Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged network position may obtain memory contents Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue. CVE-ID CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta of Google Security

Installation note for Firmware version 7.7.3

Firmware version 7.7.3 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS.

Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1 or later on iOS to upgrade to Firmware version 7.7.3.

AirPort Utility for Mac is a free download from http://www.apple.com/support/downloads/ and AirPort Utility for iOS is a free download from the App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04236102

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236102 Version: 5

HPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-04-11 Last Updated: 2014-04-23

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability.

Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software.

References: CVE-2014-0160 (SSRT101499)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Product Impacted HP Product Versions Notes

HP Service Manager v9.32, v9.33 Security bulletin HPSBGN03008: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04248997

HP Asset Manager v9.40, v9.40 CSC Security Bulletin HPSBMU03018: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260505

HP UCMDB Browser v1.x, v2.x, v3.x Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353

note: APR enabled on Tomcat includes an affected OpenSSL version

HP UCMDB Configuration Manager v9.1x, v9.2x, v9.3x, v10.01, v10.10 Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353

HP CIT (ConnectIT) v9.52, v9.53 Security bulletin HPSBMU03017: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260456

HP Executive Scorecard v9.40, v9.41

HP Server Automation v10.00, v10.01 Security bulletin HPSBGN03010: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04250814

HP Diagnostics v9.23, v9.23 IP1

HP LoadRunner v11.52, v12.0 note: Controller/load generator communication channel

HP Performance Center v11.52, v12.0 note: Controller/load generator communication channel

HP Autonomy WorkSite Server v9.0 SP1 (on-premises software) Security bulletin HPSBMU02999: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04239374

Impacted Versions table

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP Software is working to address this vulnerability for all affected product versions. HP Software will release product specific security bulletins for each impacted product. Each bulletin will include a patch and/or mitigation guideline. HP will update this bulletin with references to security bulletins for each product in the impacted versions table.

Note: OpenSSL is an external product embedded in HP products.

Bulletin Applicability:

This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide.

To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html .

Software updates are available from HP Software Support Online at http://support.openview.hp.com/downloads.jsp

HISTORY Version:1 (rev.1) - 11 April 2014 Initial release Version:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as impacted, updated HP UCMDB Browser impacted versions Version:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server as impacted. Added security bulletin pointers for Service Manager, Server Automation and Worksite Server Version:4 (rev.4) - 18 April 2014 Changed impacted version list for UCMDB Browser Version:5 (rev.5) - 23 April 2014 Added security bulletins pointers for HP Asset Manager, HP UCMDB Browser, HP UCMDB Configuration Manager and HP CIT (ConnectIT)

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlNX3QEACgkQ4B86/C0qfVkq0QCfb4bmMN8zZV4uat0BdaeDQVvD NnAAmwS+9PMSnpjlE8uQgBjuIDMzhpd2 =F9O3 -----END PGP SIGNATURE----- . HP Multimedia Service Environment (MSE) 2.1.1 HP Network Interactive Voice Response (NIVR) 2.1.0, Reactive Patches 001, 002, 003 HP Network Interactive Voice Response (NIVR) 2.0.7, Reactive Patch 003

Only the MSE (ACM TMP) database set up with Replication using SSL is impacted for the above versions

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0592",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "filezilla",
        "version": "0.9.44"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.1.3.3"
      },
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.3.2.2"
      },
      {
        "model": "simatic s7-1500t",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "wincc open architecture",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "v100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.24"
      },
      {
        "model": "splunk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.2.0.11"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "6.0"
      },
      {
        "model": "s9922l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ricon",
        "version": "16.10.3\\(3794\\)"
      },
      {
        "model": "v60",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.25"
      },
      {
        "model": "symantec messaging gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "10.6.1"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.0"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.3.0.104"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "v100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.20"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "12.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "13.10"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "v100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.21"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.1"
      },
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.4.0.102"
      },
      {
        "model": "cp 1543-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1"
      },
      {
        "model": "splunk",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "6.0.0"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "v60",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intellian",
        "version": "1.15"
      },
      {
        "model": "gluster storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "application processing engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "mivoice",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "1.1.2.5"
      },
      {
        "model": "symantec messaging gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "10.6.0"
      },
      {
        "model": "elan-8.2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.3.3"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "micollab",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mitel",
        "version": "7.2"
      },
      {
        "model": "simatic s7-1500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.2"
      },
      {
        "model": "libyaml",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.6"
      },
      {
        "model": "puppet enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.2.2"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "chef",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "1.4.9"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.0"
      },
      {
        "model": "chef",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "1.4.8"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.5.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "puppet enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.6"
      },
      {
        "model": "patterson psych",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "aaron",
        "version": "2.0.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.2"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "common for rhel server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.0"
      },
      {
        "model": "patterson psych",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aaron",
        "version": "2.0.4"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.0.2"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.0.1"
      },
      {
        "model": "chef",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.1.3"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.2"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.5.1"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.2"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.0.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.0.3"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.4"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "chef",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.1.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "3.1"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.7"
      },
      {
        "model": "openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.4"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.3"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.6.1"
      },
      {
        "model": "chef",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.0.12"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "software collections for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "160"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.0.1"
      },
      {
        "model": "libyaml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pyyaml",
        "version": "0.1.5"
      },
      {
        "model": "chef",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opscode",
        "version": "11.0.11"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "0"
      },
      {
        "model": "puppet enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "puppetlabs",
        "version": "2.8.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "126360"
      },
      {
        "db": "PACKETSTORM",
        "id": "126165"
      },
      {
        "db": "PACKETSTORM",
        "id": "127749"
      },
      {
        "db": "PACKETSTORM",
        "id": "126283"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "126563"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "126304"
      },
      {
        "db": "PACKETSTORM",
        "id": "126208"
      },
      {
        "db": "PACKETSTORM",
        "id": "126774"
      },
      {
        "db": "PACKETSTORM",
        "id": "126454"
      },
      {
        "db": "PACKETSTORM",
        "id": "127279"
      }
    ],
    "trust": 1.2
  },
  "cve": "CVE-2014-0160",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0160",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2014-0160",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0160",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0160",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. LibYAML is prone to a remote heap-based buffer-overflow vulnerability because  it fails to properly sanitize user-supplied input. \nSuccessful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. \nVersions prior to LibYAML 0.1.6 are vulnerable. \nHP StoreEver ESL G3 Tape Libraries with MCB rev 2  OpenSSL version 1.0.1f for\nthe following firmware versions:\n\n671H_GS00601\n665H_GS12501\n663H_GS04601\n\nHP StoreEver ESL G3 Tape Libraries with MCB rev 1  Open SSL version 1.0.1e in\n655H firmware versions:\n\n655H_GS10201\n\nHP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. \nIf the library firmware cannot be updated, HP recommends following the\nMitigation Instructions below. \n\nMitigation Instructions\n\nThe following configuration options that allow access to the Heartbeat\nfunction in the vulnerable versions of OpenSSL are not enabled by default. \nVerify that the following options are \"disabled\" using the Tape Library GUI:\n\nProduct Configuration Options to Disable TLS Heartbeat Functions\n\nSecure SMI-S\nCVTL User\n\nNote: Disabling these features blocks the vulnerable OpenSSL function in both\nthe ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape\nDrives. The basic functionality of the library is not affected by these\nconfiguration changes and SSL access to the user interface is not affected by\nthis configuration change or setting. vulnerability was detected in specific OpenSSL versions. vulnerability. \n\nNOTE: The .Heartbleed. A new version of the CloudSystem Foundation component\nis provided, specified as version 8.01. All other CloudSystem download files\nremain at version 8.0. The combination of these files available at the link\nbelow make up the overall CloudSystem solution. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nMultiple Vulnerabilities in Cisco TelePresence System MXP Series\n\nAdvisory ID: cisco-sa-20140430-mxp\n\nRevision 1.0\n\nFor Public Release 2014 April 30 16:00  UTC (GMT)\n\nSummary\n=======\n\nCisco TelePresence System MXP Series Software contains the following vulnerabilities:\n\tThree SIP denial of service vulnerabilities\n\tThree H.225 denial of service vulnerabilities\n\nSuccessful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected system to reload. \nThere are no workarounds that mitigate these vulnerabilities. ============================================================================\nUbuntu Security Notice USN-2165-1\nApril 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSL could be made to expose sensitive information over the network,\npossibly including private keys. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nNeel Mehta discovered that OpenSSL incorrectly handled memory in the TLS\nheartbeat extension. An attacker could use this issue to obtain up to 64k\nof memory contents from the client or server, possibly leading to the\ndisclosure of private keys and other sensitive information. (CVE-2014-0160)\n\nYuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled\ntiming during swap operations in the Montgomery ladder implementation. An\nattacker could use this issue to perform side-channel attacks and possibly\nrecover ECDSA nonces. (CVE-2014-0076)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.2\n\nUbuntu 12.10:\n  libssl1.0.0                     1.0.1c-3ubuntu2.7\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.12\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. Since this issue may have resulted in compromised\nprivate keys, it is recommended to regenerate them. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2165-1\n  CVE-2014-0076, CVE-2014-0160\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12\n. Please see\nthe table below. To obtain the updated firmware, follow the below steps to\nobtain the firmware Update. Obtain the firmware update from\nwww.hp.com/go/support\n\nSelect \"Drivers \u0026 Downloads\". \nEnter the product name listed in the table below into the search field. \nClick on \"Go\". \nClick on the appropriate product. \nUnder \"Select operating system\" select any Windows operating system from the\nlist. \nSelect the appropriate firmware update under \"Firmware\". This bulletin will be revised when the\nsoftware updates are released. \n\nUntil the software updates are available, HP recommends restricting\nadministrative access to the MSA on a secure and isolated private management\nnetwork. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities\n     Date: December 12, 2014\n     Bugs: #196865, #335508, #483632, #508322\n       ID: 201412-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in AMD64 x86 emulation base\nlibraries, the worst of which may allow remote execution of arbitrary\ncode. \n\nBackground\n==========\n\nAMD64 x86 emulation base libraries provides pre-compiled 32-bit\nlibraries. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-emulation/emul-linux-x86-baselibs\n                               \u003c 20140406-r1           \u003e= 20140406-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in AMD64 x86 emulation\nbase libraries. Please review the CVE identifiers referenced below for\ndetails. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll users of the AMD64 x86 emulation base libraries should upgrade to\nthe latest version:\n\n  # emerge --sync\n  # emerge -1av \"\u003e=app-emulation/emul-linux-x86-baselibs-20140406-r1\"\n\nNOTE: One or more of the issues described in this advisory have been\nfixed in previous updates. They are included in this advisory for the\nsake of completeness. It is likely that your system is already no\nlonger affected by them. \n\nReferences\n==========\n\n[  1 ] CVE-2007-0720\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720\n[  2 ] CVE-2007-1536\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536\n[  3 ] CVE-2007-2026\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026\n[  4 ] CVE-2007-2445\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445\n[  5 ] CVE-2007-2741\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741\n[  6 ] CVE-2007-3108\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108\n[  7 ] CVE-2007-4995\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995\n[  8 ] CVE-2007-5116\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116\n[  9 ] CVE-2007-5135\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135\n[ 10 ] CVE-2007-5266\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266\n[ 11 ] CVE-2007-5268\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268\n[ 12 ] CVE-2007-5269\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269\n[ 13 ] CVE-2007-5849\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849\n[ 14 ] CVE-2010-1205\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 15 ] CVE-2013-0338\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338\n[ 16 ] CVE-2013-0339\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339\n[ 17 ] CVE-2013-1664\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664\n[ 18 ] CVE-2013-1969\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969\n[ 19 ] CVE-2013-2877\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877\n[ 20 ] CVE-2014-0160\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3\n\nAirPort Base Station Firmware Update 7.7.3 is now available and\naddresses the following:\n\nAvailable for:\nAirPort Extreme and AirPort Time Capsule base stations with 802.11ac\nImpact:  An attacker in a privileged network position may obtain\nmemory contents\nDescription:  An out-of-bounds read issue existed in the OpenSSL\nlibrary when handling TLS heartbeat extension packets. An attacker in\na privileged network position could obtain information from process\nmemory. This issue was addressed through additional bounds checking. \nOnly AirPort Extreme and AirPort Time Capsule base stations with\n802.11ac are affected, and only if they have Back to My Mac or Send\nDiagnostics enabled. Other AirPort base stations are not impacted by\nthis issue. \nCVE-ID\nCVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta\nof Google Security\n\n\nInstallation note for Firmware version 7.7.3\n\nFirmware version 7.7.3 is installed on AirPort Extreme or AirPort\nTime Capsule base stations with 802.11ac using AirPort Utility for\nMac or iOS. \n\nUse AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1\nor later on iOS to upgrade to Firmware version 7.7.3. \n\nAirPort Utility for Mac is a free download from\nhttp://www.apple.com/support/downloads/ and AirPort Utility for iOS\nis a free download from the App Store. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04236102\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04236102\nVersion: 5\n\nHPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB\nBrowser, UCMDB Configuration Manager, Executive Scorecard, Server Automation,\nDiagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote\nDisclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-04-11\nLast Updated: 2014-04-23\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nThe Heartbleed vulnerability was detected in specific OpenSSL versions. \nOpenSSL is a 3rd party product that is embedded with some of HP Software\nproducts. This bulletin objective is to notify HP Software customers about\nproducts affected by the Heartbleed vulnerability. \n\nNote: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\nin the OpenSSL product cryptographic software library product. This weakness\npotentially allows disclosure of information protected, under normal\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\nbelow are vulnerable due to embedding OpenSSL standard release software. \n\nReferences: CVE-2014-0160 (SSRT101499)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Product\n Impacted HP Product Versions\n Notes\n\nHP Service Manager\n v9.32, v9.33\n Security bulletin HPSBGN03008: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04248997\n\nHP Asset Manager\n v9.40, v9.40 CSC\n Security Bulletin HPSBMU03018: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04260505\n\nHP UCMDB Browser\n v1.x, v2.x, v3.x\n Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04260353\n\nnote: APR enabled on Tomcat includes an affected OpenSSL version\n\nHP UCMDB Configuration Manager\n v9.1x, v9.2x, v9.3x, v10.01, v10.10\n Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04260353\n\nHP CIT (ConnectIT)\n v9.52, v9.53\n Security bulletin HPSBMU03017: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04260456\n\nHP Executive Scorecard\n v9.40, v9.41\n\nHP Server Automation\n v10.00, v10.01\n Security bulletin HPSBGN03010: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04250814\n\nHP Diagnostics\n v9.23, v9.23 IP1\n\nHP LoadRunner\n v11.52, v12.0\n note: Controller/load generator communication channel\n\nHP Performance Center\n v11.52, v12.0\n note: Controller/load generator communication channel\n\nHP Autonomy WorkSite Server\n v9.0 SP1 (on-premises software)\n Security bulletin HPSBMU02999: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04239374\n\nImpacted Versions table\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP Software is working to address this vulnerability for all affected product\nversions. HP Software will release product specific security bulletins for\neach impacted product. Each bulletin will include a patch and/or mitigation\nguideline. HP will update this bulletin with references to security bulletins\nfor each product in the impacted versions table. \n\nNote: OpenSSL is an external product embedded in HP products. \n\nBulletin Applicability:\n\nThis bulletin applies to each OpenSSL component that is embedded within the\nHP products listed in the security bulletin. The bulletin does not apply to\nany other 3rd party application (e.g. operating system, web server, or\napplication server) that may be required to be installed by the customer\naccording instructions in the product install guide. \n\nTo learn more about HP Software Incident Response, please visit http://www8.h\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\nenter.html . \n\nSoftware updates are available from HP Software Support Online at\nhttp://support.openview.hp.com/downloads.jsp\n\nHISTORY\nVersion:1 (rev.1) - 11 April 2014 Initial release\nVersion:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as\nimpacted, updated HP UCMDB Browser impacted versions\nVersion:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server\nas impacted. Added security bulletin pointers for Service Manager, Server\nAutomation and Worksite Server\nVersion:4 (rev.4) - 18 April 2014 Changed impacted version list for UCMDB\nBrowser\nVersion:5 (rev.5) - 23 April 2014 Added security bulletins pointers for HP\nAsset Manager, HP UCMDB Browser, HP UCMDB Configuration Manager and HP CIT\n(ConnectIT)\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlNX3QEACgkQ4B86/C0qfVkq0QCfb4bmMN8zZV4uat0BdaeDQVvD\nNnAAmwS+9PMSnpjlE8uQgBjuIDMzhpd2\n=F9O3\n-----END PGP SIGNATURE-----\n. \nHP Multimedia Service Environment (MSE) 2.1.1\nHP Network Interactive Voice Response (NIVR) 2.1.0, Reactive Patches 001,\n002, 003\nHP Network Interactive Voice Response (NIVR) 2.0.7, Reactive Patch 003\n\nOnly the MSE (ACM TMP) database set up with Replication using SSL is impacted\nfor the above versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      },
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "127279"
      },
      {
        "db": "PACKETSTORM",
        "id": "126454"
      },
      {
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "db": "PACKETSTORM",
        "id": "126045"
      },
      {
        "db": "PACKETSTORM",
        "id": "126774"
      },
      {
        "db": "PACKETSTORM",
        "id": "126208"
      },
      {
        "db": "PACKETSTORM",
        "id": "126304"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "129524"
      },
      {
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "db": "PACKETSTORM",
        "id": "126283"
      },
      {
        "db": "PACKETSTORM",
        "id": "127749"
      },
      {
        "db": "PACKETSTORM",
        "id": "126165"
      },
      {
        "db": "PACKETSTORM",
        "id": "126360"
      },
      {
        "db": "PACKETSTORM",
        "id": "126563"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32745",
        "trust": 0.4,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0160",
        "trust": 3.0
      },
      {
        "db": "SECUNIA",
        "id": "57721",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59243",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57836",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57968",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59347",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57966",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57483",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57347",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59139",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030079",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030074",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030081",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030080",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030026",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030077",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030082",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030078",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "66690",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32745",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32764",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA14-098A",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-635659",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#720951",
        "trust": 1.1
      },
      {
        "db": "OCERT",
        "id": "OCERT-2014-003",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "66478",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-135-02",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0160",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126360",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126165",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127749",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126283",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "129524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126458",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126563",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126450",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126304",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126208",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126774",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126045",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126420",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126454",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127279",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "PACKETSTORM",
        "id": "126360"
      },
      {
        "db": "PACKETSTORM",
        "id": "126165"
      },
      {
        "db": "PACKETSTORM",
        "id": "127749"
      },
      {
        "db": "PACKETSTORM",
        "id": "126283"
      },
      {
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "db": "PACKETSTORM",
        "id": "129524"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "126563"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "126304"
      },
      {
        "db": "PACKETSTORM",
        "id": "126208"
      },
      {
        "db": "PACKETSTORM",
        "id": "126774"
      },
      {
        "db": "PACKETSTORM",
        "id": "126045"
      },
      {
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "db": "PACKETSTORM",
        "id": "126454"
      },
      {
        "db": "PACKETSTORM",
        "id": "127279"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "id": "VAR-201404-0592",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6038711649999999
  },
  "last_update_date": "2024-11-29T20:38:22.105000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2017/01/23/heartbleed_2017/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e4799ab8fe4804274ba2db4d65cd867b"
      },
      {
        "title": "Debian Security Advisories: DSA-2896-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=264ec318be06a69e28012f62b2dc5bb7"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2165-1"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2014-0160 "
      },
      {
        "title": "exploits",
        "trust": 0.1,
        "url": "https://github.com/vs4vijay/exploits "
      },
      {
        "title": "VULNIX",
        "trust": 0.1,
        "url": "https://github.com/El-Palomo/VULNIX "
      },
      {
        "title": "openssl-heartbleed-fix",
        "trust": 0.1,
        "url": "https://github.com/sammyfung/openssl-heartbleed-fix "
      },
      {
        "title": "cve-2014-0160",
        "trust": 0.1,
        "url": "https://github.com/cved-sources/cve-2014-0160 "
      },
      {
        "title": "heartbleed_check",
        "trust": 0.1,
        "url": "https://github.com/ehoffmann-cp/heartbleed_check "
      },
      {
        "title": "heartbleed",
        "trust": 0.1,
        "url": "https://github.com/okrutnik420/heartbleed "
      },
      {
        "title": "heartbleed-test.crx",
        "trust": 0.1,
        "url": "https://github.com/iwaffles/heartbleed-test.crx "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Maheshmaske111/te "
      },
      {
        "title": "AradSocket",
        "trust": 0.1,
        "url": "https://github.com/araditc/AradSocket "
      },
      {
        "title": "sslscan",
        "trust": 0.1,
        "url": "https://github.com/kaisenlinux/sslscan "
      },
      {
        "title": "Springboard_Capstone_Project",
        "trust": 0.1,
        "url": "https://github.com/jonahwinninghoff/Springboard_Capstone_Project "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/MrE-Fog/heartbleeder "
      },
      {
        "title": "buffer_overflow_exploit",
        "trust": 0.1,
        "url": "https://github.com/olivamadrigal/buffer_overflow_exploit "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening "
      },
      {
        "title": "insecure_project",
        "trust": 0.1,
        "url": "https://github.com/turtlesec-no/insecure_project "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Maheshmaske111/ssl "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/H4R335HR/heartbleed "
      },
      {
        "title": "nmap-scripts",
        "trust": 0.1,
        "url": "https://github.com/takeshixx/nmap-scripts "
      },
      {
        "title": "knockbleed",
        "trust": 0.1,
        "url": "https://github.com/siddolo/knockbleed "
      },
      {
        "title": "heartbleed-masstest",
        "trust": 0.1,
        "url": "https://github.com/musalbas/heartbleed-masstest "
      },
      {
        "title": "HeartBleedDotNet",
        "trust": 0.1,
        "url": "https://github.com/ShawInnes/HeartBleedDotNet "
      },
      {
        "title": "heartbleed_test_openvpn",
        "trust": 0.1,
        "url": "https://github.com/weisslj/heartbleed_test_openvpn "
      },
      {
        "title": "paraffin",
        "trust": 0.1,
        "url": "https://github.com/vmeurisse/paraffin "
      },
      {
        "title": "sslscan",
        "trust": 0.1,
        "url": "https://github.com/rbsec/sslscan "
      },
      {
        "title": "Heartbleed_Dockerfile_with_Nginx",
        "trust": 0.1,
        "url": "https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx "
      },
      {
        "title": "heartbleed-bug",
        "trust": 0.1,
        "url": "https://github.com/cldme/heartbleed-bug "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/H4CK3RT3CH/awesome-web-hacking "
      },
      {
        "title": "Web-Hacking",
        "trust": 0.1,
        "url": "https://github.com/adm0i/Web-Hacking "
      },
      {
        "title": "cybersecurity-ethical-hacking",
        "trust": 0.1,
        "url": "https://github.com/paulveillard/cybersecurity-ethical-hacking "
      },
      {
        "title": "Lastest-Web-Hacking-Tools-vol-I",
        "trust": 0.1,
        "url": "https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I "
      },
      {
        "title": "HTBValentineWriteup",
        "trust": 0.1,
        "url": "https://github.com/zimmel15/HTBValentineWriteup "
      },
      {
        "title": "heartbleed-poc",
        "trust": 0.1,
        "url": "https://github.com/sensepost/heartbleed-poc "
      },
      {
        "title": "CVE-2014-0160",
        "trust": 0.1,
        "url": "https://github.com/0x90/CVE-2014-0160 "
      },
      {
        "title": "Certified-Ethical-Hacker-Exam-CEH-v10",
        "trust": 0.1,
        "url": "https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10 "
      },
      {
        "title": "cs558heartbleed",
        "trust": 0.1,
        "url": "https://github.com/gkaptch1/cs558heartbleed "
      },
      {
        "title": "HeartBleed",
        "trust": 0.1,
        "url": "https://github.com/archaic-magnon/HeartBleed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/undacmic/heartbleed-proof-of-concept "
      },
      {
        "title": "openvpn-jookk",
        "trust": 0.1,
        "url": "https://github.com/Jeypi04/openvpn-jookk "
      },
      {
        "title": "Heartbleed",
        "trust": 0.1,
        "url": "https://github.com/Saiprasad16/Heartbleed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/KickFootCode/LoveYouALL "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imesecan/LeakReducer-artifacts "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/TVernet/Kali-Tools-liste-et-description "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/k4u5h41/Heartbleed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ronaldogdm/Heartbleed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/rochacbruno/my-awesome-stars "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/asadhasan73/temp_comp_sec "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Aakaashzz/Heartbleed "
      },
      {
        "title": "tls-channel",
        "trust": 0.1,
        "url": "https://github.com/marianobarrios/tls-channel "
      },
      {
        "title": "fuzzx_cpp_demo",
        "trust": 0.1,
        "url": "https://github.com/guardstrikelab/fuzzx_cpp_demo "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Ppamo/recon_net_tools "
      },
      {
        "title": "heatbleeding",
        "trust": 0.1,
        "url": "https://github.com/idkqh7/heatbleeding "
      },
      {
        "title": "HeartBleed-Vulnerability-Checker",
        "trust": 0.1,
        "url": "https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker "
      },
      {
        "title": "heartbleed",
        "trust": 0.1,
        "url": "https://github.com/iSCInc/heartbleed "
      },
      {
        "title": "heartbleed-dtls",
        "trust": 0.1,
        "url": "https://github.com/hreese/heartbleed-dtls "
      },
      {
        "title": "heartbleedchecker",
        "trust": 0.1,
        "url": "https://github.com/roganartu/heartbleedchecker "
      },
      {
        "title": "nmap-heartbleed",
        "trust": 0.1,
        "url": "https://github.com/azet/nmap-heartbleed "
      },
      {
        "title": "sslscan",
        "trust": 0.1,
        "url": "https://github.com/delishen/sslscan "
      },
      {
        "title": "web-hacking",
        "trust": 0.1,
        "url": "https://github.com/hr-beast/web-hacking "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Miss-Brain/Web-Application-Security "
      },
      {
        "title": "web-hacking",
        "trust": 0.1,
        "url": "https://github.com/Hemanthraju02/web-hacking "
      },
      {
        "title": "awesome-web-hacking",
        "trust": 0.1,
        "url": "https://github.com/QWERTSKIHACK/awesome-web-hacking "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/himera25/web-hacking-list "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/dorota-fiit/bp-Heartbleed-defense-game "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Maheshmaske111/sslscan "
      },
      {
        "title": "Heart-bleed",
        "trust": 0.1,
        "url": "https://github.com/anonymouse327311/Heart-bleed "
      },
      {
        "title": "goScan",
        "trust": 0.1,
        "url": "https://github.com/stackviolator/goScan "
      },
      {
        "title": "sec-tool-list",
        "trust": 0.1,
        "url": "https://github.com/alphaSeclab/sec-tool-list "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/utensil/awesome-stars-test "
      },
      {
        "title": "insecure-cplusplus-dojo",
        "trust": 0.1,
        "url": "https://github.com/patricia-gallardo/insecure-cplusplus-dojo "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/jubalh/awesome-package-maintainer "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Elnatty/tryhackme_labs "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/hzuiw33/OpenSSL "
      },
      {
        "title": "makeItBleed",
        "trust": 0.1,
        "url": "https://github.com/mcampa/makeItBleed "
      },
      {
        "title": "CVE-2014-0160-Chrome-Plugin",
        "trust": 0.1,
        "url": "https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin "
      },
      {
        "title": "heartbleedfixer.com",
        "trust": 0.1,
        "url": "https://github.com/reenhanced/heartbleedfixer.com "
      },
      {
        "title": "CVE-2014-0160-Scanner",
        "trust": 0.1,
        "url": "https://github.com/obayesshelton/CVE-2014-0160-Scanner "
      },
      {
        "title": "openmagic",
        "trust": 0.1,
        "url": "https://github.com/isgroup-srl/openmagic "
      },
      {
        "title": "heartbleeder",
        "trust": 0.1,
        "url": "https://github.com/titanous/heartbleeder "
      },
      {
        "title": "cardiac-arrest",
        "trust": 0.1,
        "url": "https://github.com/ah8r/cardiac-arrest "
      },
      {
        "title": "heartbleed_openvpn_poc",
        "trust": 0.1,
        "url": "https://github.com/tam7t/heartbleed_openvpn_poc "
      },
      {
        "title": "docker-wheezy-with-heartbleed",
        "trust": 0.1,
        "url": "https://github.com/simonswine/docker-wheezy-with-heartbleed "
      },
      {
        "title": "docker-testssl",
        "trust": 0.1,
        "url": "https://github.com/mbentley/docker-testssl "
      },
      {
        "title": "heartbleedscanner",
        "trust": 0.1,
        "url": "https://github.com/hybridus/heartbleedscanner "
      },
      {
        "title": "HeartLeak",
        "trust": 0.1,
        "url": "https://github.com/OffensivePython/HeartLeak "
      },
      {
        "title": "HBL",
        "trust": 0.1,
        "url": "https://github.com/ssc-oscar/HBL "
      },
      {
        "title": "awesome-stars",
        "trust": 0.1,
        "url": "https://github.com/utensil/awesome-stars "
      },
      {
        "title": "SecurityTesting_web-hacking",
        "trust": 0.1,
        "url": "https://github.com/mostakimur/SecurityTesting_web-hacking "
      },
      {
        "title": "awesome-web-hacking",
        "trust": 0.1,
        "url": "https://github.com/winterwolf32/awesome-web-hacking "
      },
      {
        "title": "awesome-web-hacking-1",
        "trust": 0.1,
        "url": "https://github.com/winterwolf32/awesome-web-hacking-1 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Mehedi-Babu/ethical_hacking_cyber "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking "
      },
      {
        "title": "awesome-web-hacking",
        "trust": 0.1,
        "url": "https://github.com/thanshurc/awesome-web-hacking "
      },
      {
        "title": "hack",
        "trust": 0.1,
        "url": "https://github.com/nvnpsplt/hack "
      },
      {
        "title": "awesome-web-hacking",
        "trust": 0.1,
        "url": "https://github.com/noname1007/awesome-web-hacking "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ImranTheThirdEye/awesome-web-hacking "
      },
      {
        "title": "web-hacking",
        "trust": 0.1,
        "url": "https://github.com/Ondrik8/web-hacking "
      },
      {
        "title": "CheckSSL-ciphersuite",
        "trust": 0.1,
        "url": "https://github.com/kal1gh0st/CheckSSL-ciphersuite "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/undacmic/HeartBleed-Demo "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/MrE-Fog/ssl-heartbleed.nse "
      },
      {
        "title": "welivesecurity",
        "trust": 0.1,
        "url": "https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 1.4,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
      },
      {
        "trust": 1.4,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
      },
      {
        "trust": 1.4,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
      },
      {
        "trust": 1.4,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
      },
      {
        "trust": 1.2,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2165-1"
      },
      {
        "trust": 1.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 1.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
      },
      {
        "trust": 1.1,
        "url": "http://www.openssl.org/news/secadv_20140407.txt"
      },
      {
        "trust": 1.1,
        "url": "http://heartbleed.com/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030078"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/109"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/190"
      },
      {
        "trust": 1.1,
        "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0376.html"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0396.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030082"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57347"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139722163017074\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030077"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-2896"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0377.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030080"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030074"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/90"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030081"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0378.html"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/91"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57483"
      },
      {
        "trust": 1.1,
        "url": "http://www.splunk.com/view/sp-caaamb3"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030079"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57721"
      },
      {
        "trust": 1.1,
        "url": "http://www.blackberry.com/btsc/kb35882"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030026"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/66690"
      },
      {
        "trust": 1.1,
        "url": "http://www.us-cert.gov/ncas/alerts/ta14-098a"
      },
      {
        "trust": 1.1,
        "url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/"
      },
      {
        "trust": 1.1,
        "url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57966"
      },
      {
        "trust": 1.1,
        "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/apr/173"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57968"
      },
      {
        "trust": 1.1,
        "url": "https://code.google.com/p/mod-spdy/issues/detail?id=85"
      },
      {
        "trust": 1.1,
        "url": "http://www.exploit-db.com/exploits/32745"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/720951"
      },
      {
        "trust": 1.1,
        "url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.exploit-db.com/exploits/32764"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57836"
      },
      {
        "trust": 1.1,
        "url": "https://gist.github.com/chapmajs/10473815"
      },
      {
        "trust": 1.1,
        "url": "http://cogentdatahub.com/releasenotes.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905458328378\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139869891830365\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139889113431619\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1"
      },
      {
        "trust": 1.1,
        "url": "http://www.kerio.com/support/kerio-control/release-history"
      },
      {
        "trust": 1.1,
        "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3"
      },
      {
        "trust": 1.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0165.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result\u0026javax.portlet.begcachetok=com.vignette.cachetoken\u0026javax.portlet.endcachetok=com.vignette.cachetoken"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.1,
        "url": "https://filezilla-project.org/versions.php?type=server"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141287864628122\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139817727317190\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139757726426985\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139758572430452\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905653828999\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139842151128341\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905405728262\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139833395230364\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139824993005633\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139843768401936\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905202427693\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139774054614965\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139889295732144\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139835815211508\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140724451518351\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139808058921905\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139836085512508\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139869720529462\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905868529690\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139765756720506\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140015787404650\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139824923705461\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139757919027752\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139774703817488\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905243827825\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140075368411126\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905295427946\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139835844111589\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139757819327350\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139817685517037\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139905351928096\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=139817782017443\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160512_00"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661"
      },
      {
        "trust": 1.1,
        "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59347"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59243"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59139"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.1,
        "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.citrix.com/article/ctx140605"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
      },
      {
        "trust": 1.1,
        "url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
      },
      {
        "trust": 1.1,
        "url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.5,
        "url": "http://support.openview.hp.com/downloads.jsp"
      },
      {
        "trust": 0.3,
        "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
      },
      {
        "trust": 0.3,
        "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
      },
      {
        "trust": 0.3,
        "url": "https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/"
      },
      {
        "trust": 0.3,
        "url": "http://pyyaml.org/wiki/libyaml"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0353.html"
      },
      {
        "trust": 0.3,
        "url": "http://puppetlabs.com/security/cve/cve-2014-2525"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0354.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0355.html"
      },
      {
        "trust": 0.3,
        "url": "http://www8.hp.com/us/en/software-so"
      },
      {
        "trust": 0.2,
        "url": "http://www8.h"
      },
      {
        "trust": 0.2,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/fulldisclosure/2019/jan/42"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/./dsa-2896"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
      },
      {
        "trust": 0.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-135-02"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2165-1/"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km00868126"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/p"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5116"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2741"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5268"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5266"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2445"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0338"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5849"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1536"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3108"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1969"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1536"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5266"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1205"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1664"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0338"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-11.xml"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0720"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0339"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1969"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2445"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0720"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4995"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5849"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4995"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5268"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1664"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00556"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km00843525"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00560"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00557"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00559"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00558"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/support"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km00843314/binary/sa_alert_"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00051"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00052"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03304"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03333"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-mxp"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/support/eslg3"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "PACKETSTORM",
        "id": "126360"
      },
      {
        "db": "PACKETSTORM",
        "id": "126165"
      },
      {
        "db": "PACKETSTORM",
        "id": "127749"
      },
      {
        "db": "PACKETSTORM",
        "id": "126283"
      },
      {
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "db": "PACKETSTORM",
        "id": "129524"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "126563"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "126304"
      },
      {
        "db": "PACKETSTORM",
        "id": "126208"
      },
      {
        "db": "PACKETSTORM",
        "id": "126774"
      },
      {
        "db": "PACKETSTORM",
        "id": "126045"
      },
      {
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "db": "PACKETSTORM",
        "id": "126454"
      },
      {
        "db": "PACKETSTORM",
        "id": "127279"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "db": "BID",
        "id": "66478"
      },
      {
        "db": "PACKETSTORM",
        "id": "126360"
      },
      {
        "db": "PACKETSTORM",
        "id": "126165"
      },
      {
        "db": "PACKETSTORM",
        "id": "127749"
      },
      {
        "db": "PACKETSTORM",
        "id": "126283"
      },
      {
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "db": "PACKETSTORM",
        "id": "129524"
      },
      {
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "db": "PACKETSTORM",
        "id": "126563"
      },
      {
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "db": "PACKETSTORM",
        "id": "126304"
      },
      {
        "db": "PACKETSTORM",
        "id": "126208"
      },
      {
        "db": "PACKETSTORM",
        "id": "126774"
      },
      {
        "db": "PACKETSTORM",
        "id": "126045"
      },
      {
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "db": "PACKETSTORM",
        "id": "126454"
      },
      {
        "db": "PACKETSTORM",
        "id": "127279"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "date": "2014-03-26T00:00:00",
        "db": "BID",
        "id": "66478"
      },
      {
        "date": "2014-04-28T20:35:41",
        "db": "PACKETSTORM",
        "id": "126360"
      },
      {
        "date": "2014-04-15T23:02:07",
        "db": "PACKETSTORM",
        "id": "126165"
      },
      {
        "date": "2014-08-05T21:06:31",
        "db": "PACKETSTORM",
        "id": "127749"
      },
      {
        "date": "2014-04-23T21:24:44",
        "db": "PACKETSTORM",
        "id": "126283"
      },
      {
        "date": "2014-04-23T21:26:11",
        "db": "PACKETSTORM",
        "id": "126285"
      },
      {
        "date": "2014-12-12T17:43:12",
        "db": "PACKETSTORM",
        "id": "129524"
      },
      {
        "date": "2014-05-03T02:17:11",
        "db": "PACKETSTORM",
        "id": "126458"
      },
      {
        "date": "2014-05-09T17:31:25",
        "db": "PACKETSTORM",
        "id": "126563"
      },
      {
        "date": "2014-05-02T23:02:22",
        "db": "PACKETSTORM",
        "id": "126450"
      },
      {
        "date": "2014-04-24T22:21:00",
        "db": "PACKETSTORM",
        "id": "126304"
      },
      {
        "date": "2014-04-17T22:04:49",
        "db": "PACKETSTORM",
        "id": "126208"
      },
      {
        "date": "2014-05-22T22:17:58",
        "db": "PACKETSTORM",
        "id": "126774"
      },
      {
        "date": "2014-04-07T22:44:13",
        "db": "PACKETSTORM",
        "id": "126045"
      },
      {
        "date": "2014-05-01T02:18:26",
        "db": "PACKETSTORM",
        "id": "126420"
      },
      {
        "date": "2014-05-03T02:07:11",
        "db": "PACKETSTORM",
        "id": "126454"
      },
      {
        "date": "2014-06-30T23:47:20",
        "db": "PACKETSTORM",
        "id": "127279"
      },
      {
        "date": "2014-04-07T22:55:03.893000",
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0160"
      },
      {
        "date": "2017-05-02T04:07:00",
        "db": "BID",
        "id": "66478"
      },
      {
        "date": "2024-11-21T02:01:30.317000",
        "db": "NVD",
        "id": "CVE-2014-0160"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "66478"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibYAML \u0027yaml_parser_scan_uri_escapes()\u0027 Function Remote Heap Based Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "66478"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "66478"
      }
    ],
    "trust": 0.3
  }
}

Vulnerability from fkie_nvd
Published
2014-12-08 16:59
Modified
2024-11-21 02:20
Severity ?
Summary
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
References
cve@mitre.orghttp://advisories.mageia.org/MGASA-2014-0508.html
cve@mitre.orghttp://linux.oracle.com/errata/ELSA-2015-0100.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-0100.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-0112.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-0260.html
cve@mitre.orghttp://secunia.com/advisories/59947
cve@mitre.orghttp://secunia.com/advisories/60944
cve@mitre.orghttp://secunia.com/advisories/62164
cve@mitre.orghttp://secunia.com/advisories/62174
cve@mitre.orghttp://secunia.com/advisories/62176
cve@mitre.orghttp://secunia.com/advisories/62705
cve@mitre.orghttp://secunia.com/advisories/62723
cve@mitre.orghttp://secunia.com/advisories/62774
cve@mitre.orghttp://www.debian.org/security/2014/dsa-3102
cve@mitre.orghttp://www.debian.org/security/2014/dsa-3103
cve@mitre.orghttp://www.debian.org/security/2014/dsa-3115
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2014:242
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2015:060
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2014/11/28/1Exploit
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2014/11/28/8
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2014/11/29/3
cve@mitre.orghttp://www.securityfocus.com/bid/71349
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2461-1
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2461-2
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2461-3
cve@mitre.orghttps://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2Exploit
cve@mitre.orghttps://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failureExploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/99047
cve@mitre.orghttps://puppet.com/security/cve/cve-2014-9130
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0508.html
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2015-0100.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0100.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0112.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0260.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59947
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60944
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62164
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62174
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62176
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62705
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62723
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62774
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3102
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3103
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3115
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/11/28/1Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/11/28/8
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/11/29/3
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/71349
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2461-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2461-2
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2461-3
af854a3a-2127-422b-91ae-364da2661108https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2Exploit
af854a3a-2127-422b-91ae-364da2661108https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failureExploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
af854a3a-2127-422b-91ae-364da2661108https://puppet.com/security/cve/cve-2014-9130
Impacted products
Vendor Product Version
pyyaml libyaml 0.1.5
pyyaml libyaml 0.1.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D405B896-62ED-4064-9A84-EAD93843B2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9B1BDC-8920-4D46-9879-0E491797F188",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping."
    },
    {
      "lang": "es",
      "value": "scanner.c en LibYAML 0.1.5 y 0.1.6, utilizado en el m\u00f3dulo YAML-LibYAML (tambi\u00e9n conocido como YAML-XS) para Perl, permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y ca\u00edda) a trav\u00e9s de vectores que involucran la envoltura de l\u00edneas (line-wrapping)."
    }
  ],
  "id": "CVE-2014-9130",
  "lastModified": "2024-11-21T02:20:15.763",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-08T16:59:04.450",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://advisories.mageia.org/MGASA-2014-0508.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0100.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/59947"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60944"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62174"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62176"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62723"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62774"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3102"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3115"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/11/28/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/11/28/8"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/11/29/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/71349"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2461-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2461-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2461-3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://puppet.com/security/cve/cve-2014-9130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0508.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0100.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/11/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/11/28/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/11/29/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2461-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2461-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2461-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://puppet.com/security/cve/cve-2014-9130"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-03-28 15:55
Modified
2024-11-21 02:06
Severity ?
Summary
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
References
cve@mitre.orghttp://advisories.mageia.org/MGASA-2014-0150.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2014-04/msg00022.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2015-02/msg00078.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-04/msg00050.htmlThird Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2014-0353.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2014-0354.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2014-0355.html
cve@mitre.orghttp://secunia.com/advisories/57836
cve@mitre.orghttp://secunia.com/advisories/57966
cve@mitre.orghttp://secunia.com/advisories/57968
cve@mitre.orghttp://support.apple.com/kb/HT6443
cve@mitre.orghttp://www.debian.org/security/2014/dsa-2884
cve@mitre.orghttp://www.debian.org/security/2014/dsa-2885
cve@mitre.orghttp://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
cve@mitre.orghttp://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
cve@mitre.orghttp://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2015:060
cve@mitre.orghttp://www.ocert.org/advisories/ocert-2014-003.htmlUS Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/66478
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2160-1
cve@mitre.orghttps://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048Exploit, Patch
cve@mitre.orghttps://puppet.com/security/cve/cve-2014-2525
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0150.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0353.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0354.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0355.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57836
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57966
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57968
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT6443
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2884
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2885
af854a3a-2127-422b-91ae-364da2661108http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
af854a3a-2127-422b-91ae-364da2661108http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
af854a3a-2127-422b-91ae-364da2661108http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
af854a3a-2127-422b-91ae-364da2661108http://www.ocert.org/advisories/ocert-2014-003.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/66478
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2160-1
af854a3a-2127-422b-91ae-364da2661108https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://puppet.com/security/cve/cve-2014-2525
Impacted products
Vendor Product Version
pyyaml libyaml *
pyyaml libyaml 0.0.1
pyyaml libyaml 0.1.1
pyyaml libyaml 0.1.2
pyyaml libyaml 0.1.3
pyyaml libyaml 0.1.4
opensuse leap 42.1
opensuse opensuse 13.1
opensuse opensuse 13.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF15A6D7-D1CD-4B9A-8A90-81E441C531EF",
              "versionEndIncluding": "0.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F454F77-1AB1-44CF-8E1F-47BD71966CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7892D90-243C-4588-92D0-F49B3443B3DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9759A8FD-7010-4D10-9E26-A03FDDDA187B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE63A49-551A-4C0F-8ED9-AE1DB049B141",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n yaml_parser_scan_uri_escapes en LibYAML anterior a 0.1.6 permite a atacantes dependientes de contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una secuencia larga de caracteres codificados de porcentaje en una URI en un archivo YAML."
    }
  ],
  "id": "CVE-2014-2525",
  "lastModified": "2024-11-21T02:06:28.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-28T15:55:08.670",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2014-0150.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/57836"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/57966"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/57968"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT6443"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2884"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2885"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/66478"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2160-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://puppet.com/security/cve/cve-2014-2525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2014-0150.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT6443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2160-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://puppet.com/security/cve/cve-2014-2525"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-02-06 22:55
Modified
2024-11-21 01:59
Severity ?
Summary
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
References
secalert@redhat.comhttp://advisories.mageia.org/MGASA-2014-0040.htmlThird Party Advisory
secalert@redhat.comhttp://archives.neohapsis.com/archives/bugtraq/2014-04/0134.htmlBroken Link
secalert@redhat.comhttp://archives.neohapsis.com/archives/bugtraq/2014-10/0103.htmlBroken Link
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-02/msg00064.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-02/msg00065.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2015-02/msg00078.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2016-04/msg00050.htmlThird Party Advisory
secalert@redhat.comhttp://osvdb.org/102716
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0353.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0354.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0355.htmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-2850Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-2870Third Party Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:060Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/65258Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2098-1Third Party Advisory
secalert@redhat.comhttps://bitbucket.org/xi/libyaml/commits/tag/0.1.5Issue Tracking
secalert@redhat.comhttps://bugzilla.redhat.com/attachment.cgi?id=847926&action=diffIssue Tracking
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1033990Issue Tracking, Patch
secalert@redhat.comhttps://puppet.com/security/cve/cve-2013-6393
secalert@redhat.comhttps://support.apple.com/kb/HT6536Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0040.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/102716
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0353.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0354.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0355.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2850Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2870Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:060Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/65258Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2098-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bitbucket.org/xi/libyaml/commits/tag/0.1.5Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diffIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1033990Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://puppet.com/security/cve/cve-2013-6393
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT6536Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CF0E49-704A-4190-9BA8-6332F1B12430",
              "versionEndIncluding": "0.1.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F454F77-1AB1-44CF-8E1F-47BD71966CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7892D90-243C-4588-92D0-F49B3443B3DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9759A8FD-7010-4D10-9E26-A03FDDDA187B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n yaml_parser_scan_tag_uri en scanner.c en LibYAML anterior a 0.1.5 lleva a cabo un \"cast\" incorrecto, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y probablemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de etiquetas manipuladas en YAML."
    }
  ],
  "id": "CVE-2013-6393",
  "lastModified": "2024-11-21T01:59:08.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-06T22:55:03.217",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2014-0040.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/102716"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2850"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2870"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65258"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2098-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://puppet.com/security/cve/cve-2013-6393"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT6536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2014-0040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/102716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2098-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://puppet.com/security/cve/cve-2013-6393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT6536"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-6393
Vulnerability from cvelistv5
Published
2014-02-06 22:00
Modified
2024-08-06 17:39
Severity ?
Summary
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
References
http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.htmlvendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2014/dsa-2870vendor-advisory, x_refsource_DEBIAN
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.htmlvendor-advisory, x_refsource_APPLE
https://bugzilla.redhat.com/show_bug.cgi?id=1033990x_refsource_CONFIRM
http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.htmlvendor-advisory, x_refsource_APPLE
http://osvdb.org/102716vdb-entry, x_refsource_OSVDB
https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diffx_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/65258vdb-entry, x_refsource_BID
http://advisories.mageia.org/MGASA-2014-0040.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-0355.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-0354.htmlvendor-advisory, x_refsource_REDHAT
https://support.apple.com/kb/HT6536x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.htmlvendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2014/dsa-2850vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2014-0353.htmlvendor-advisory, x_refsource_REDHAT
https://bitbucket.org/xi/libyaml/commits/tag/0.1.5x_refsource_CONFIRM
https://puppet.com/security/cve/cve-2013-6393x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2098-1vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:0273",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"
          },
          {
            "name": "DSA-2870",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2870"
          },
          {
            "name": "APPLE-SA-2014-10-16-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"
          },
          {
            "name": "APPLE-SA-2014-04-22-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
          },
          {
            "name": "102716",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102716"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff"
          },
          {
            "name": "MDVSA-2015:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
          },
          {
            "name": "65258",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65258"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0040.html"
          },
          {
            "name": "openSUSE-SU-2015:0319",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
          },
          {
            "name": "RHSA-2014:0355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
          },
          {
            "name": "openSUSE-SU-2014:0272",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"
          },
          {
            "name": "RHSA-2014:0354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6536"
          },
          {
            "name": "openSUSE-SU-2016:1067",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
          },
          {
            "name": "DSA-2850",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2850"
          },
          {
            "name": "RHSA-2014:0353",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2013-6393"
          },
          {
            "name": "USN-2098-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2098-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:0273",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"
        },
        {
          "name": "DSA-2870",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2870"
        },
        {
          "name": "APPLE-SA-2014-10-16-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"
        },
        {
          "name": "APPLE-SA-2014-04-22-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
        },
        {
          "name": "102716",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102716"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff"
        },
        {
          "name": "MDVSA-2015:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
        },
        {
          "name": "65258",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65258"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0040.html"
        },
        {
          "name": "openSUSE-SU-2015:0319",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
        },
        {
          "name": "RHSA-2014:0355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
        },
        {
          "name": "openSUSE-SU-2014:0272",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"
        },
        {
          "name": "RHSA-2014:0354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6536"
        },
        {
          "name": "openSUSE-SU-2016:1067",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
        },
        {
          "name": "DSA-2850",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2850"
        },
        {
          "name": "RHSA-2014:0353",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2013-6393"
        },
        {
          "name": "USN-2098-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2098-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6393",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:0273",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"
            },
            {
              "name": "DSA-2870",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2870"
            },
            {
              "name": "APPLE-SA-2014-10-16-3",
              "refsource": "APPLE",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"
            },
            {
              "name": "APPLE-SA-2014-04-22-1",
              "refsource": "APPLE",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
            },
            {
              "name": "102716",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102716"
            },
            {
              "name": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff"
            },
            {
              "name": "MDVSA-2015:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
            },
            {
              "name": "65258",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65258"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0040.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0040.html"
            },
            {
              "name": "openSUSE-SU-2015:0319",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
            },
            {
              "name": "RHSA-2014:0355",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
            },
            {
              "name": "openSUSE-SU-2014:0272",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"
            },
            {
              "name": "RHSA-2014:0354",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
            },
            {
              "name": "https://support.apple.com/kb/HT6536",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT6536"
            },
            {
              "name": "openSUSE-SU-2016:1067",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
            },
            {
              "name": "DSA-2850",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2850"
            },
            {
              "name": "RHSA-2014:0353",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
            },
            {
              "name": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5",
              "refsource": "CONFIRM",
              "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2013-6393",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2013-6393"
            },
            {
              "name": "USN-2098-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2098-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6393",
    "datePublished": "2014-02-06T22:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2525
Vulnerability from cvelistv5
Published
2014-03-28 15:00
Modified
2024-08-06 10:14
Severity ?
Summary
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
References
http://www.securityfocus.com/bid/66478vdb-entry, x_refsource_BID
http://secunia.com/advisories/57836third-party-advisory, x_refsource_SECUNIA
https://puppet.com/security/cve/cve-2014-2525x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060vendor-advisory, x_refsource_MANDRIVA
http://www.ocert.org/advisories/ocert-2014-003.htmlx_refsource_MISC
http://www.debian.org/security/2014/dsa-2885vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2160-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-0355.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2014/dsa-2884vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2014-0354.htmlvendor-advisory, x_refsource_REDHAT
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/x_refsource_CONFIRM
https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0150.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.htmlvendor-advisory, x_refsource_SUSE
http://support.apple.com/kb/HT6443x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-0353.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/57968third-party-advisory, x_refsource_SECUNIA
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/x_refsource_CONFIRM
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/x_refsource_CONFIRM
http://secunia.com/advisories/57966third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:26.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "66478",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66478"
          },
          {
            "name": "57836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57836"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2014-2525"
          },
          {
            "name": "MDVSA-2015:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
          },
          {
            "name": "DSA-2885",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2885"
          },
          {
            "name": "USN-2160-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2160-1"
          },
          {
            "name": "openSUSE-SU-2015:0319",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
          },
          {
            "name": "RHSA-2014:0355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
          },
          {
            "name": "DSA-2884",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2884"
          },
          {
            "name": "RHSA-2014:0354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0150.html"
          },
          {
            "name": "openSUSE-SU-2014:0500",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6443"
          },
          {
            "name": "openSUSE-SU-2016:1067",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
          },
          {
            "name": "RHSA-2014:0353",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
          },
          {
            "name": "57968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57968"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
          },
          {
            "name": "57966",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57966"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "66478",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66478"
        },
        {
          "name": "57836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57836"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2014-2525"
        },
        {
          "name": "MDVSA-2015:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
        },
        {
          "name": "DSA-2885",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2885"
        },
        {
          "name": "USN-2160-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2160-1"
        },
        {
          "name": "openSUSE-SU-2015:0319",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
        },
        {
          "name": "RHSA-2014:0355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
        },
        {
          "name": "DSA-2884",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2884"
        },
        {
          "name": "RHSA-2014:0354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0150.html"
        },
        {
          "name": "openSUSE-SU-2014:0500",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6443"
        },
        {
          "name": "openSUSE-SU-2016:1067",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
        },
        {
          "name": "RHSA-2014:0353",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
        },
        {
          "name": "57968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57968"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
        },
        {
          "name": "57966",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57966"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "66478",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66478"
            },
            {
              "name": "57836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57836"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2014-2525",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2014-2525"
            },
            {
              "name": "MDVSA-2015:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2014-003.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
            },
            {
              "name": "DSA-2885",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2885"
            },
            {
              "name": "USN-2160-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2160-1"
            },
            {
              "name": "openSUSE-SU-2015:0319",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
            },
            {
              "name": "RHSA-2014:0355",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
            },
            {
              "name": "DSA-2884",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2884"
            },
            {
              "name": "RHSA-2014:0354",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
              "refsource": "CONFIRM",
              "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
            },
            {
              "name": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048",
              "refsource": "CONFIRM",
              "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0150.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0150.html"
            },
            {
              "name": "openSUSE-SU-2014:0500",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"
            },
            {
              "name": "http://support.apple.com/kb/HT6443",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "openSUSE-SU-2016:1067",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
            },
            {
              "name": "RHSA-2014:0353",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
            },
            {
              "name": "57968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57968"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
              "refsource": "CONFIRM",
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
              "refsource": "CONFIRM",
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
            },
            {
              "name": "57966",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57966"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2525",
    "datePublished": "2014-03-28T15:00:00",
    "dateReserved": "2014-03-17T00:00:00",
    "dateUpdated": "2024-08-06T10:14:26.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-9130
Vulnerability from cvelistv5
Published
2014-12-08 16:00
Modified
2024-08-06 13:33
Severity ?
Summary
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
References
http://secunia.com/advisories/62705third-party-advisory, x_refsource_SECUNIA
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2x_refsource_CONFIRM
http://www.securityfocus.com/bid/71349vdb-entry, x_refsource_BID
http://www.debian.org/security/2014/dsa-3102vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/62174third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0112.htmlvendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2014/11/28/1mailing-list, x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060vendor-advisory, x_refsource_MANDRIVA
http://www.ubuntu.com/usn/USN-2461-3vendor-advisory, x_refsource_UBUNTU
http://www.debian.org/security/2014/dsa-3115vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.htmlvendor-advisory, x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2014/11/29/3mailing-list, x_refsource_MLIST
http://secunia.com/advisories/62774third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2014/11/28/8mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2015-0260.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/62723third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-2461-1vendor-advisory, x_refsource_UBUNTU
https://puppet.com/security/cve/cve-2014-9130x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2461-2vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/62176third-party-advisory, x_refsource_SECUNIA
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failurex_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2014/dsa-3103vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/60944third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/62164third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047vdb-entry, x_refsource_XF
http://rhn.redhat.com/errata/RHSA-2015-0100.htmlvendor-advisory, x_refsource_REDHAT
http://linux.oracle.com/errata/ELSA-2015-0100.htmlx_refsource_CONFIRM
http://secunia.com/advisories/59947third-party-advisory, x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0508.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:13.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "62705",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
          },
          {
            "name": "71349",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71349"
          },
          {
            "name": "DSA-3102",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3102"
          },
          {
            "name": "62174",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62174"
          },
          {
            "name": "RHSA-2015:0112",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
          },
          {
            "name": "[oss-security] 20141128 libyaml / YAML-LibYAML DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/11/28/1"
          },
          {
            "name": "MDVSA-2015:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
          },
          {
            "name": "USN-2461-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2461-3"
          },
          {
            "name": "DSA-3115",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3115"
          },
          {
            "name": "openSUSE-SU-2015:0319",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
          },
          {
            "name": "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/11/29/3"
          },
          {
            "name": "62774",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62774"
          },
          {
            "name": "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/11/28/8"
          },
          {
            "name": "RHSA-2015:0260",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
          },
          {
            "name": "62723",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62723"
          },
          {
            "name": "USN-2461-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2461-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2014-9130"
          },
          {
            "name": "USN-2461-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2461-2"
          },
          {
            "name": "62176",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62176"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
          },
          {
            "name": "MDVSA-2014:242",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
          },
          {
            "name": "DSA-3103",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3103"
          },
          {
            "name": "60944",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60944"
          },
          {
            "name": "openSUSE-SU-2016:1067",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
          },
          {
            "name": "62164",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62164"
          },
          {
            "name": "libyaml-cve20149130-dos(99047)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
          },
          {
            "name": "RHSA-2015:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2015-0100.html"
          },
          {
            "name": "59947",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59947"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0508.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "62705",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
        },
        {
          "name": "71349",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71349"
        },
        {
          "name": "DSA-3102",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3102"
        },
        {
          "name": "62174",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62174"
        },
        {
          "name": "RHSA-2015:0112",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
        },
        {
          "name": "[oss-security] 20141128 libyaml / YAML-LibYAML DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/11/28/1"
        },
        {
          "name": "MDVSA-2015:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
        },
        {
          "name": "USN-2461-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2461-3"
        },
        {
          "name": "DSA-3115",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3115"
        },
        {
          "name": "openSUSE-SU-2015:0319",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
        },
        {
          "name": "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/11/29/3"
        },
        {
          "name": "62774",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62774"
        },
        {
          "name": "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/11/28/8"
        },
        {
          "name": "RHSA-2015:0260",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
        },
        {
          "name": "62723",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62723"
        },
        {
          "name": "USN-2461-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2461-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2014-9130"
        },
        {
          "name": "USN-2461-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2461-2"
        },
        {
          "name": "62176",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62176"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
        },
        {
          "name": "MDVSA-2014:242",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
        },
        {
          "name": "DSA-3103",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3103"
        },
        {
          "name": "60944",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60944"
        },
        {
          "name": "openSUSE-SU-2016:1067",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
        },
        {
          "name": "62164",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62164"
        },
        {
          "name": "libyaml-cve20149130-dos(99047)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
        },
        {
          "name": "RHSA-2015:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2015-0100.html"
        },
        {
          "name": "59947",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59947"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0508.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "62705",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62705"
            },
            {
              "name": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2",
              "refsource": "CONFIRM",
              "url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
            },
            {
              "name": "71349",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71349"
            },
            {
              "name": "DSA-3102",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3102"
            },
            {
              "name": "62174",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62174"
            },
            {
              "name": "RHSA-2015:0112",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
            },
            {
              "name": "[oss-security] 20141128 libyaml / YAML-LibYAML DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/11/28/1"
            },
            {
              "name": "MDVSA-2015:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
            },
            {
              "name": "USN-2461-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2461-3"
            },
            {
              "name": "DSA-3115",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3115"
            },
            {
              "name": "openSUSE-SU-2015:0319",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
            },
            {
              "name": "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/11/29/3"
            },
            {
              "name": "62774",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62774"
            },
            {
              "name": "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/11/28/8"
            },
            {
              "name": "RHSA-2015:0260",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
            },
            {
              "name": "62723",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62723"
            },
            {
              "name": "USN-2461-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2461-1"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2014-9130",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2014-9130"
            },
            {
              "name": "USN-2461-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2461-2"
            },
            {
              "name": "62176",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62176"
            },
            {
              "name": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure",
              "refsource": "MISC",
              "url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
            },
            {
              "name": "MDVSA-2014:242",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
            },
            {
              "name": "DSA-3103",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3103"
            },
            {
              "name": "60944",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60944"
            },
            {
              "name": "openSUSE-SU-2016:1067",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
            },
            {
              "name": "62164",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62164"
            },
            {
              "name": "libyaml-cve20149130-dos(99047)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
            },
            {
              "name": "RHSA-2015:0100",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2015-0100.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2015-0100.html"
            },
            {
              "name": "59947",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59947"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0508.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0508.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9130",
    "datePublished": "2014-12-08T16:00:00",
    "dateReserved": "2014-11-28T00:00:00",
    "dateUpdated": "2024-08-06T13:33:13.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}