Vulnerabilites related to suse - linux_enterprise_desktop
Vulnerability from fkie_nvd
Published
2010-12-30 19:00
Modified
2024-11-21 01:19
Severity ?
Summary
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
References
secalert@redhat.comhttp://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.htmlBroken Link
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2010/11/30/1Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/43056Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/43291Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-2126Third Party Advisory
secalert@redhat.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2Broken Link
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:257Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1023-1Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0213Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0298Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0375Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=644156Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2010/11/30/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43056Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43291Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2126Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:257Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1023-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0213Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0298Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0375Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=644156Issue Tracking, Patch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "056295BE-D525-4749-887C-CDE2755A6FA6",
              "versionEndExcluding": "2.6.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando se configura una direcci\u00f3n econet, permite a usuarios locales causar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y OOPS) a trav\u00e9s de una llamada sendmsg que especifica un  valor NULL para el campo de direcci\u00f3n remota."
    }
  ],
  "id": "CVE-2010-3849",
  "lastModified": "2024-11-21T01:19:44.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-12-30T19:00:03.533",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/11/30/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43056"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43291"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1023-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0213"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0375"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/11/30/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1023-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-03-19 10:55
Modified
2024-11-21 02:04
Severity ?
Summary
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
References
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2014/mfsa2014-18.htmlVendor Advisory
security@mozilla.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlMailing List, Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=935618Issue Tracking, Vendor Advisory
security@mozilla.orghttps://security.gentoo.org/glsa/201504-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2014/mfsa2014-18.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=935618Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201504-01Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse_project:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8EFFB8-9411-4826-9BFC-A06BA042FC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B91DE6A-D759-4B2C-982B-AF036B43798D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "097F1C3A-4546-43F3-8CC2-50F8AF05B791",
              "versionEndExcluding": "2.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "422EC5FE-DA03-4C14-ADED-D6212BE074D5",
              "versionEndExcluding": "28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm."
    },
    {
      "lang": "es",
      "value": "El m\u00e9todo crypto.generateCRMFRequest en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no valida debidamente cierto tipo de clave, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores que provocan la generaci\u00f3n de una clave que soporta el algoritmo Elliptic Curve ec-dual-use."
    }
  ],
  "id": "CVE-2014-1498",
  "lastModified": "2024-11-21T02:04:24.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-19T10:55:06.350",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-06-16 14:59
Modified
2024-11-21 02:51
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
References
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlBroken Link, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlBroken Link, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlBroken Link, Third Party Advisory
psirt@adobe.comhttp://www.securitytracker.com/id/1036117Third Party Advisory, VDB Entry
psirt@adobe.comhttps://access.redhat.com/errata/RHSA-2016:1238Third Party Advisory
psirt@adobe.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083Patch, Third Party Advisory
psirt@adobe.comhttps://helpx.adobe.com/security/products/flash-player/apsb16-18.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlBroken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlBroken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlBroken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036117Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2016:1238Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://helpx.adobe.com/security/products/flash-player/apsb16-18.htmlVendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "39AF0D5D-0C43-4290-B815-19DB07A2FC1A",
              "versionEndIncluding": "21.0.0.242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2F8B78-73CC-44EC-BACF-A2878252992B",
              "versionEndIncluding": "21.0.0.242",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
              "matchCriteriaId": "E51D60E3-00C6-459E-B2B9-CA7E25D02FDA",
              "versionEndIncluding": "21.0.0.242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*",
              "matchCriteriaId": "B1E62C9B-698D-4B21-B513-11F59AC95187",
              "versionEndIncluding": "21.0.0.242",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "363B5A6C-BEE3-4141-8CDD-C1EA06FAD441",
              "versionEndIncluding": "11.2.202.621",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "80E80DEC-4724-49F4-BD19-4687A83CA56E",
              "versionEndIncluding": "18.0.0.352",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "ED540469-C4DD-485D-9B89-6877B2A74217",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EC5FACD-13BC-44E3-8EE1-032CE02760DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
              "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*",
              "matchCriteriaId": "5F2558DF-2D1F-46BA-ABF1-08522D33268E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librer\u00edas Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083."
    }
  ],
  "id": "CVE-2016-4147",
  "lastModified": "2024-11-21T02:51:29.067",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-16T14:59:29.107",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036117"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1238"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-23 11:03
Modified
2024-11-21 01:54
Severity ?
Summary
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
psirt@us.ibm.comhttp://lists.apple.com/archives/security-announce/2013/Oct/msg00001.htmlBroken Link, Mailing List
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00023.htmlThird Party Advisory
psirt@us.ibm.comhttp://marc.info/?l=bugtraq&m=138674031212883&w=2Issue Tracking, Mailing List, Third Party Advisory
psirt@us.ibm.comhttp://marc.info/?l=bugtraq&m=138674073720143&w=2Issue Tracking, Mailing List, Third Party Advisory
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1059.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1060.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1081.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1440.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1447.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1451.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1505.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1818.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1821.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1822.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1823.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0675.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0720.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0765.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0773.htmlBroken Link
psirt@us.ibm.comhttp://secunia.com/advisories/56257Third Party Advisory
psirt@us.ibm.comhttp://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
psirt@us.ibm.comhttp://support.apple.com/kb/HT5982Third Party Advisory
psirt@us.ibm.comhttp://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patchPatch, Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IC98015Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21644197Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21653371Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21657539Vendor Advisory
psirt@us.ibm.comhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.htmlThird Party Advisory
psirt@us.ibm.comhttp://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002Vendor Advisory
psirt@us.ibm.comhttp://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013Vendor Advisory
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21648172Broken Link
psirt@us.ibm.comhttp://www.securityfocus.com/bid/61310Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.ubuntu.com/usn/USN-2033-1Third Party Advisory
psirt@us.ibm.comhttp://www.ubuntu.com/usn/USN-2089-1Third Party Advisory
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2014:0414Third Party Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/85260VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://issues.apache.org/jira/browse/XERCESJ-1679Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttps://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
psirt@us.ibm.comhttps://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
psirt@us.ibm.comhttps://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
psirt@us.ibm.comhttps://www.oracle.com/security-alerts/cpuapr2022.html
psirt@us.ibm.comhttps://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.htmlBroken Link, Mailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=138674031212883&w=2Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=138674073720143&w=2Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1059.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1060.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1081.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1440.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1447.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1451.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1505.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1818.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1821.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1822.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1823.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0675.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0720.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0765.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0773.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56257Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5982Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patchPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21644197Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21653371Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21657539Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg21648172Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/61310Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2033-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2089-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2014:0414Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/85260VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/XERCESJ-1679Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlThird Party Advisory
Impacted products
Vendor Product Version
ibm java 5.0.0.0
ibm java 5.0.11.0
ibm java 5.0.11.1
ibm java 5.0.11.2
ibm java 5.0.12.0
ibm java 5.0.12.1
ibm java 5.0.12.2
ibm java 5.0.12.3
ibm java 5.0.12.4
ibm java 5.0.12.5
ibm java 5.0.13.0
ibm java 5.0.14.0
ibm java 5.0.15.0
ibm java 5.0.16.0
ibm java 5.0.16.1
ibm java 5.0.16.2
ibm java 6.0.0.0
ibm java 6.0.1.0
ibm java 6.0.2.0
ibm java 6.0.3.0
ibm java 6.0.4.0
ibm java 6.0.5.0
ibm java 6.0.6.0
ibm java 6.0.7.0
ibm java 6.0.8.0
ibm java 6.0.8.1
ibm java 6.0.9.0
ibm java 6.0.9.1
ibm java 6.0.9.2
ibm java 6.0.10.0
ibm java 6.0.10.1
ibm java 6.0.11.0
ibm java 6.0.12.0
ibm java 6.0.13.0
ibm java 6.0.13.1
ibm java 6.0.13.2
ibm java 7.0.0.0
ibm java 7.0.1.0
ibm java 7.0.2.0
ibm java 7.0.3.0
ibm java 7.0.4.0
ibm java 7.0.4.1
ibm java 7.0.4.2
oracle jdk 1.5.0
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
oracle jrockit *
ibm sterling_b2b_integrator 5.2.4
ibm host_on-demand 11.0
ibm host_on-demand 11.0.1
ibm host_on-demand 11.0.2
ibm host_on-demand 11.0.3
ibm host_on-demand 11.0.4
ibm host_on-demand 11.0.5
ibm host_on-demand 11.0.5.1
ibm host_on-demand 11.0.6
ibm host_on-demand 11.0.6.1
ibm host_on-demand 11.0.7
ibm host_on-demand 11.0.8
microsoft windows -
ibm tivoli_application_dependency_discovery_manager 7.2.2
ibm aix -
linux linux_kernel -
microsoft windows -
oracle solaris -
ibm sterling_b2b_integrator 5.1
ibm sterling_b2b_integrator 5.2
ibm sterling_file_gateway 2.1
ibm sterling_file_gateway 2.2
hp hp-ux -
ibm aix -
ibm i -
linux linux_kernel -
microsoft windows -
oracle solaris -
opensuse opensuse 12.2
opensuse opensuse 12.3
suse linux_enterprise_desktop 10
suse linux_enterprise_desktop 11
suse linux_enterprise_java 10
suse linux_enterprise_java 11
suse linux_enterprise_java 11
suse linux_enterprise_sdk 11
suse linux_enterprise_sdk 11
suse linux_enterprise_server 9
suse linux_enterprise_server 10
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.04
canonical ubuntu_linux 13.10
apache xerces2_java *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D3F84F-3F6E-4DF1-B162-152293D951EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD59912-7325-4AE1-ACCF-D4F804AF3947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62783157-E3B6-4A23-8D2F-1FBD0762E9A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14CC0D53-8AB8-4D44-82BB-0E6A974C36AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A3129F-17A6-4F32-BD5D-34E4A1D1A840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7CD279-54B6-4F6B-AE14-299FB319C690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA269CA-4676-4008-89EF-20FAB89886A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22105B6-1378-4E1C-B28A-FCAE00A2D5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "601762D3-1188-4945-931D-EB8DAC2847A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA4A30A6-498C-46B8-8EFC-45EB13354EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "414CC00A-C797-4C34-8709-75DC061DCDE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4401B967-0550-44F1-8753-9632120D2A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4961693D-F56C-46CD-B721-6A15E2837C17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4FBB66-CF6A-42D2-B122-1861F4139E75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14AD4A87-382A-41F0-96D8-0F0A9B738773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33701DDF-6882-41D3-A11B-A1F4585A77A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C58BBA-06AC-40CD-A906-FD1B3B0AAB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C5B430-EE11-4674-B4B0-895D66E3B32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1837D84-6B4F-40D8-9A3F-71C328F659BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D20A369B-2168-4883-A84C-BB48A71AFB33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3628AAB4-E524-46E5-AAF4-1980256F13CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DC9FE3-CDE9-4F83-989B-4E431BA18B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C17B1C6B-04CE-49FB-B9BD-98ECD626B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F529EB-2BCA-4E3E-93E4-2A9880CDA367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7694638C-CDAC-44DF-B9F9-F7237CD98017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23903A3C-1760-4836-BAE6-BDD32CBB4CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2477E033-D26B-4D71-839B-5FE4B0927559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CAB7BF-265E-411D-A584-E78DE171F065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E45F670-232F-4CE5-8926-6463E5619506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B70E6E3-15B3-4D48-AE49-B9184A58EECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BCE3FD-B89B-4141-8103-9DB941AD60D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EADFB3B-738F-4919-B165-9ECEED46EA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23A5431-E599-4848-AB83-B299898F5EF0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8BF650-B8F5-467E-8DBF-81788B55F345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1752A831-916F-4A7D-8AAE-1CEFACC51F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C9744C4-76BE-428B-AFF2-5BCE00A58322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B1DE45-90F9-416B-9087-8AEF5B0A3C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF6A045-0DF6-463B-A0DB-6C31D8C2984C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A731493C-9B46-4105-9902-B15BA0E0FB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49454369-A494-4EAA-88D5-181570DEBB4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*",
              "matchCriteriaId": "04C71221-E477-4DF8-B10A-3AC64511E4EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*",
              "matchCriteriaId": "FF7DE0E6-F329-417B-8035-B4EBF9C97483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*",
              "matchCriteriaId": "220536FA-695D-4DE8-9813-494E3D061B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*",
              "matchCriteriaId": "ACB55CC5-0EC7-44B2-B5A9-A5B1EE584791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*",
              "matchCriteriaId": "4F6B5E73-6751-475A-B9BF-3414D3476208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*",
              "matchCriteriaId": "7CB654DC-1D3D-4475-8815-335AC573F54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF26274E-5364-4FC1-9603-A78C365596DB",
              "versionEndIncluding": "r27.7.6",
              "versionStartIncluding": "r27.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "583E7A18-48C5-4AEE-A9C1-239D678E275A",
              "versionEndIncluding": "r28.2.8",
              "versionStartIncluding": "r28.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF65201D-8980-450A-A542-3B5473A6F374",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51D5AEF-B3D4-4782-9988-BC1DB3F3F296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E179FC2F-C700-4998-9D7A-3B945874CAC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2341D5E7-15CD-4C8F-ABE8-AA915BFA2804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "474DC3BA-27F2-452A-85AD-BCC476EDD35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "997CA07C-EBB7-4D7F-AF23-A161817BF4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BFE87FC-7B77-4840-8185-1707CB37323B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77DD8B3-A227-4350-8699-FEC822119393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA56704-18EB-4F3B-A36F-BCEF67B07C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "420CC5FF-0300-4FA7-AB53-78C1A0B83C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7132A0E-C2A1-403E-9516-A6911563D7B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32CA797-ED68-426E-9370-E16C90075E01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
              "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40363692-5283-4D0C-BAE1-C049C02A0294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1554D69E-D68E-46CA-B1F7-C24CAABF58E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
              "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "252CF7A7-3FEB-4503-AEE8-B67139C5B0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79D7DBBA-6849-45F7-AFEF-C765569C481A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2C634990-2690-4E3B-B21F-6687A6A34644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "73B7BC23-6CCA-41B2-8F61-EDB95F1AFB1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "CED02712-1031-4206-AC4D-E68710F46EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
              "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFD62E4-794A-43C0-8C65-A44D970D1569",
              "versionEndExcluding": "2.12.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names."
    },
    {
      "lang": "es",
      "value": "XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se emple\u00f3 en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, as\u00ed como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegaci\u00f3n de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML."
    }
  ],
  "id": "CVE-2013-4002",
  "lastModified": "2024-11-21T01:54:41.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-23T11:03:19.790",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/56257"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5982"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/61310"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2033-1"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2089-1"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2014:0414"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/56257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/61310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2033-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2089-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2014:0414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-05-16 11:45
Modified
2024-11-21 01:53
Severity ?
Summary
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
References
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://rhn.redhat.com/errata/RHSA-2013-0825.htmlThird Party Advisory
psirt@adobe.comhttp://secunia.com/advisories/53442Broken Link
psirt@adobe.comhttp://www.adobe.com/support/security/bulletins/apsb13-14.htmlPatch, Vendor Advisory
psirt@adobe.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16897Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0825.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53442Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb13-14.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16897Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A",
              "versionEndExcluding": "10.3.183.86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "656D3B8A-252E-4688-B522-D83EEAB62C12",
              "versionEndExcluding": "11.7.700.202",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A",
              "versionEndExcluding": "10.3.183.86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A023F2-EFCA-4C4E-82DB-0738C9A0E25D",
              "versionEndExcluding": "11.2.202.285",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E6E433-4508-4AE4-9E48-2226D2325EA8",
              "versionEndExcluding": "11.1.111.54",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3C0381-865A-4176-A291-988E12612161",
              "versionEndIncluding": "2.3.7",
              "versionStartIncluding": "2.0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEB1CC1-D410-4157-8BF3-8EB8BAC444DD",
              "versionEndIncluding": "3.2.6",
              "versionStartIncluding": "3.0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21B67D38-F250-4D0C-8994-2C63C8461D88",
              "versionEndExcluding": "11.1.115.58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F15E5A-D7B0-4473-8C4A-777881C4B3BE",
              "versionEndIncluding": "4.2",
              "versionStartIncluding": "4.0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "534967F9-2F81-458E-952E-A40F5B7465D2",
              "versionEndExcluding": "3.7.0.1860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77100403-7C1C-4B88-BBC7-494722F2637B",
              "versionEndExcluding": "3.7.0.1860",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "237D0A52-5997-4557-9454-526BFDB64E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EDC8561-5E0A-4692-BB71-C88ED7A1229F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK \u0026 Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player antes de v10.3.183.86 y v11.x antes de v11.7.700.202 para Windows y Mac OS X, antes de v10.3.183.86 y v11.x antes de v11.2.202.285 para Linux, antes de v11.1.111.54 para Android v2.x y v3.x, y antes de v11.1.115.58 para Android v4.x; Adobe AIR before v3.7.0.1860; y Adobe AIR SDK \u0026 Compiler antes de v3.7.0.1860 permite a atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicios (consumo de memoria) a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a  CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, y CVE-2013-3335."
    }
  ],
  "id": "CVE-2013-3327",
  "lastModified": "2024-11-21T01:53:24.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-05-16T11:45:31.560",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/53442"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/53442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16897"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-15 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A7C5B0-7426-48BB-B5BD-F423663A0786",
              "versionEndIncluding": "5.6.19",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AA794-4421-422D-A1C7-BB5AE334FD55",
              "versionEndExcluding": "10.0.13",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Oracle MySQL Server 5.6.19 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a trav\u00e9s de vectores relacionados con SERVER:INNODB FULLTEXT SEARCH DML."
    }
  ],
  "id": "CVE-2014-6564",
  "lastModified": "2024-11-21T02:14:39.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-15T22:55:08.627",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70511"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-06-07 14:55
Modified
2025-02-07 14:57
Summary
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
References
chrome-cve-admin@google.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8Broken Link
chrome-cve-admin@google.comhttp://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://linux.oracle.com/errata/ELSA-2014-3037.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://linux.oracle.com/errata/ELSA-2014-3038.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://linux.oracle.com/errata/ELSA-2014-3039.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://openwall.com/lists/oss-security/2014/06/05/24Mailing List
chrome-cve-admin@google.comhttp://openwall.com/lists/oss-security/2014/06/06/20Mailing List
chrome-cve-admin@google.comhttp://rhn.redhat.com/errata/RHSA-2014-0800.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://secunia.com/advisories/58500Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/58990Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59029Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59092Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59153Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59262Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59309Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59386Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59599Broken Link
chrome-cve-admin@google.comhttp://www.debian.org/security/2014/dsa-2949Exploit
chrome-cve-admin@google.comhttp://www.exploit-db.com/exploits/35370Third Party Advisory, VDB Entry
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2014/06/05/22Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
chrome-cve-admin@google.comhttp://www.securityfocus.com/bid/67906Broken Link, Third Party Advisory, VDB Entry
chrome-cve-admin@google.comhttp://www.securitytracker.com/id/1030451Broken Link, Third Party Advisory, VDB Entry
chrome-cve-admin@google.comhttp://www.ubuntu.com/usn/USN-2237-1Third Party Advisory
chrome-cve-admin@google.comhttp://www.ubuntu.com/usn/USN-2240-1Third Party Advisory
chrome-cve-admin@google.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1103626Issue Tracking, Third Party Advisory
chrome-cve-admin@google.comhttps://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.htmlExploit
chrome-cve-admin@google.comhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5eMailing List, Patch
chrome-cve-admin@google.comhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339Mailing List, Patch
chrome-cve-admin@google.comhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270Mailing List, Patch
chrome-cve-admin@google.comhttps://github.com/elongl/CVE-2014-3153Third Party Advisory
chrome-cve-admin@google.comhttps://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8Patch
chrome-cve-admin@google.comhttps://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8Broken Link
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-3037.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-3038.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-3039.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2014/06/05/24Mailing List
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2014/06/06/20Mailing List
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0800.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58500Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58990Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59029Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59092Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59153Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59262Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59309Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59386Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59599Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2949Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/35370Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/06/05/22Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67906Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030451Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2237-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2240-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1103626Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.htmlExploit
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5eMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/elongl/CVE-2014-3153Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8Patch
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List



{
  "cisaActionDue": "2022-06-15",
  "cisaExploitAdd": "2022-05-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C788C70-FEF6-43C2-BF1B-9F6BAC084B49",
              "versionEndExcluding": "3.2.60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB7FAE85-A7F7-403F-B3F8-51D26A7AD5CF",
              "versionEndExcluding": "3.4.92",
              "versionStartIncluding": "3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7D3761-1031-4407-9D83-51387E0EFAE3",
              "versionEndExcluding": "3.10.42",
              "versionStartIncluding": "3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "865055FF-2CF7-477F-A939-DE7EB4F0F88D",
              "versionEndExcluding": "3.12.22",
              "versionStartIncluding": "3.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "281F5CC1-AF2E-4076-A09D-3E808A9F6896",
              "versionEndExcluding": "3.14.6",
              "versionStartIncluding": "3.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
              "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
              "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
              "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n futex_requeue en kernel/futex.c en el kernel de Linux hasta 3.14.5 no asegura que las llamadas tengan dos direcciones futex diferentes, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de un comando FUTEX_REQUEUE manipulado que facilita la modificaci\u00f3n insegura del objeto o funci\u00f3n a la espera."
    }
  ],
  "id": "CVE-2014-3153",
  "lastModified": "2025-02-07T14:57:04.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2014-06-07T14:55:27.240",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/58500"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/58990"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59029"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59092"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59153"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59262"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59309"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59386"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59599"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2949"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/35370"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67906"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030451"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2237-1"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2240-1"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/elongl/CVE-2014-3153"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/58500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/58990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/35370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2237-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2240-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/elongl/CVE-2014-3153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
References
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://rhn.redhat.com/errata/RHSA-2013-0144.htmlThird Party Advisory
security@mozilla.orghttp://rhn.redhat.com/errata/RHSA-2013-0145.htmlThird Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2013/mfsa2013-15.htmlVendor Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=813906Issue Tracking, Vendor Advisory
security@mozilla.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0144.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0145.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2013/mfsa2013-15.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=813906Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295",
              "versionEndExcluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320",
              "versionEndExcluding": "2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34",
              "versionEndExcluding": "17.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y 17.x anterior a v17.0.2, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar c\u00f3digo JavaScript de su elecci\u00f3n con privilegios chrome utilizando una interacci\u00f3n inapropiada entre los objetos de plugin y elementos SVG."
    }
  ],
  "id": "CVE-2013-0758",
  "lastModified": "2024-11-21T01:48:08.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-13T20:55:02.040",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-15.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=813906"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-15.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=813906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-11 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
References
security@mozilla.orghttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-updates/2014-01/msg00002.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2013/mfsa2013-110.htmlVendor Advisory
security@mozilla.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
security@mozilla.orghttp://www.securitytracker.com/id/1029470Third Party Advisory, VDB Entry
security@mozilla.orghttp://www.securitytracker.com/id/1029476Third Party Advisory, VDB Entry
security@mozilla.orghttp://www.ubuntu.com/usn/USN-2052-1Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=917841Issue Tracking, Vendor Advisory
security@mozilla.orghttps://security.gentoo.org/glsa/201504-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2013/mfsa2013-110.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029470Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029476Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2052-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=917841Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201504-01Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
              "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50A3A702-C2B1-4311-9EBC-D62079E3DCD5",
              "versionEndExcluding": "26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D337932C-EF9D-4511-87DB-54262C6635D9",
              "versionEndExcluding": "2.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en la implementaci\u00f3n binary-search de SpiderMonkey de Mozilla Firefox anterior a la versi\u00f3n 26.0 y SeaMonkey anterior a 2.23 podr\u00eda permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a array fuera de l\u00edmites) o posiblemente tener otro impacto no especificado a trav\u00e9s de c\u00f3digo JavaScript."
    }
  ],
  "id": "CVE-2013-5619",
  "lastModified": "2024-11-21T01:57:50.520",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-11T15:55:13.073",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029470"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029476"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2052-1"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2052-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-21 12:55
Modified
2024-11-21 01:42
Severity ?
Summary
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-1482.htmlThird Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-1483.htmlThird Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51359Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51360Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51369Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51370Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51381Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51434Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51439Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51440Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2012:173Third Party Advisory
cve@mitre.orghttp://www.mozilla.org/security/announce/2012/mfsa2012-103.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/56629Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-2Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-3Third Party Advisory
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=792405Issue Tracking, Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/80181Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1482.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1483.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51359Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51360Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51369Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51370Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51381Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51434Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51439Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51440Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:173Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2012/mfsa2012-103.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56629Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-3Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=792405Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80181Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C27B04-A1E0-4930-AF63-E2B1E57F75BE",
              "versionEndExcluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46BBBC83-F777-4899-9F6A-094CDD9CFF0F",
              "versionEndExcluding": "10.0.11",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DEF1D7-9412-4632-A689-AFD71FEFACC0",
              "versionEndExcluding": "2.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E5E742-2A0F-4483-A784-EACBEE1DF267",
              "versionEndExcluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "828E00D1-8F2A-43AF-93DB-B1985CE68A8A",
              "versionEndExcluding": "10.0.11",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "F084E6C1-8DB0-4D1F-B8EB-5D2CD9AD6E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox anterior a v17.0, Firefox ESR v10.x anterior a v10.0.11, Thunderbird anterior a v17.0, Thunderbird ESR v10.x anterior a v10.0.11, y SeaMonkey anterior a v2.14 no previene el uso del valor del nombre de atributo de marco \"top\" para acceder a la localizaci\u00f3n correctamente, lo que hace mas f\u00e1cil para atacantes remotos llevar a cabo ataques XSS mediante vectores que comprenden un plugin binario."
    }
  ],
  "id": "CVE-2012-4209",
  "lastModified": "2024-11-21T01:42:25.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-21T12:55:02.180",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51360"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51370"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51381"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51434"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51439"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51440"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56629"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1636-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1636-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-11-30 22:14
Modified
2024-11-21 01:20
Severity ?
Summary
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
References
cve@mitre.orghttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lkml.org/lkml/2010/9/25/41Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/42778Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/42801Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/42884Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/42890Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/43291Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/46397Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2010/dsa-2126Third Party Advisory
cve@mitre.orghttp://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6Broken Link
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/09/25/2Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/10/06/6Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/10/07/1Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/10/25/3Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2011-0007.htmlThird Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2011-0017.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/520102/100/0/threadedThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/45063Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2011-0012.htmlThird Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0012Third Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0298Third Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0375Third Party Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=648670Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lkml.org/lkml/2010/9/25/41Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42778Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42801Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42884Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42890Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43291Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46397Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2126Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/09/25/2Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/10/06/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/10/07/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/10/25/3Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0007.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0017.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/520102/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45063Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0012.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0012Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0298Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0375Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=648670Issue Tracking, Patch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8DCE5E2-B055-4F05-8F0F-F19D1B7BA8D7",
              "versionEndExcluding": "2.6.36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*",
              "matchCriteriaId": "D4407EF9-4ECF-408F-9ECB-0705E3FB65D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DBE26099-6D2C-4FAF-B15C-CBF985D59171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F2C193FF-3723-4BE9-8787-DED7D455FA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F874FE6A-968D-47E1-900A-E154E41EDAF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "14B7B8AE-CE83-4F0E-9138-6F165D97C19F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "B434ACFB-2B01-491A-B2E5-40FA0E11B3B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n snd_hdspm_hwdep_ioctl en sound/pci/rme9652/hdspm.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la pila de la memoria del kernel a trav\u00e9s de una llamada ioctl SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO.\r\n"
    }
  ],
  "id": "CVE-2010-4081",
  "lastModified": "2024-11-21T01:20:12.093",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-11-30T22:14:00.630",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/9/25/41"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42778"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42801"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42884"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42890"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43291"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/45063"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0012"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0375"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/9/25/41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42801"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/45063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648670"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-909"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-06-16 14:59
Modified
2024-11-21 02:51
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
References
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlBroken Link, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlBroken Link, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlBroken Link, Third Party Advisory
psirt@adobe.comhttp://www.securitytracker.com/id/1036117Third Party Advisory, VDB Entry
psirt@adobe.comhttps://access.redhat.com/errata/RHSA-2016:1238Third Party Advisory
psirt@adobe.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083Patch, Third Party Advisory
psirt@adobe.comhttps://helpx.adobe.com/security/products/flash-player/apsb16-18.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlBroken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlBroken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlBroken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036117Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2016:1238Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://helpx.adobe.com/security/products/flash-player/apsb16-18.htmlVendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "39AF0D5D-0C43-4290-B815-19DB07A2FC1A",
              "versionEndIncluding": "21.0.0.242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2F8B78-73CC-44EC-BACF-A2878252992B",
              "versionEndIncluding": "21.0.0.242",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
              "matchCriteriaId": "E51D60E3-00C6-459E-B2B9-CA7E25D02FDA",
              "versionEndIncluding": "21.0.0.242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*",
              "matchCriteriaId": "B1E62C9B-698D-4B21-B513-11F59AC95187",
              "versionEndIncluding": "21.0.0.242",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "363B5A6C-BEE3-4141-8CDD-C1EA06FAD441",
              "versionEndIncluding": "11.2.202.621",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "80E80DEC-4724-49F4-BD19-4687A83CA56E",
              "versionEndIncluding": "18.0.0.352",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "ED540469-C4DD-485D-9B89-6877B2A74217",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EC5FACD-13BC-44E3-8EE1-032CE02760DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
              "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*",
              "matchCriteriaId": "5F2558DF-2D1F-46BA-ABF1-08522D33268E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librer\u00edas Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083."
    }
  ],
  "id": "CVE-2016-4142",
  "lastModified": "2024-11-21T02:51:28.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-16T14:59:23.793",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036117"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1238"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-12-02 16:59
Modified
2024-11-21 02:20
Severity ?
Summary
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
References
cve@mitre.orghttp://advisories.mageia.org/MGASA-2014-0509.htmlThird Party Advisory
cve@mitre.orghttp://dev.mutt.org/trac/ticket/3716Issue Tracking, Vendor Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.htmlThird Party Advisory
cve@mitre.orghttp://www.debian.org/security/2014/dsa-3083Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2014:245Broken Link
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2015:078Broken Link
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2014/11/27/5Exploit, Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2014/11/27/9Mailing List, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/71334Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1031266Third Party Advisory, VDB Entry
cve@mitre.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125Exploit, Issue Tracking
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1168463Exploit, Issue Tracking
cve@mitre.orghttps://security.gentoo.org/glsa/201701-04
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0509.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://dev.mutt.org/trac/ticket/3716Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3083Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2014:245Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:078Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/11/27/5Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/11/27/9Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/71334Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031266Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1168463Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201701-04
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mutt:mutt:1.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "D87E6616-6B05-4F99-88CE-E33C7F7601F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n write_one_header en mutt 1.5.23 no maneja correctamente los caracteres de l\u00ednea nueva al inicio de una cabecera, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una cabecera con el cuerpo vac\u00edo, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n mutt_substrdup."
    }
  ],
  "id": "CVE-2014-9116",
  "lastModified": "2024-11-21T02:20:14.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-02T16:59:08.150",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2014-0509.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://dev.mutt.org/trac/ticket/3716"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-3083"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/71334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031266"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201701-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2014-0509.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://dev.mutt.org/trac/ticket/3716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-3083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/71334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201701-04"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-11-04 21:55
Modified
2024-11-21 01:29
Severity ?
Summary
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
Impacted products
Vendor Product Version
pureftpd pure-ftpd *
pureftpd pure-ftpd 0.90
pureftpd pure-ftpd 0.91
pureftpd pure-ftpd 0.92
pureftpd pure-ftpd 0.93
pureftpd pure-ftpd 0.94
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95.1
pureftpd pure-ftpd 0.95.2
pureftpd pure-ftpd 0.96
pureftpd pure-ftpd 0.96
pureftpd pure-ftpd 0.96.1
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97-final
pureftpd pure-ftpd 0.97.1
pureftpd pure-ftpd 0.97.2
pureftpd pure-ftpd 0.97.3
pureftpd pure-ftpd 0.97.4
pureftpd pure-ftpd 0.97.5
pureftpd pure-ftpd 0.97.6
pureftpd pure-ftpd 0.97.7
pureftpd pure-ftpd 0.97.7
pureftpd pure-ftpd 0.97.7
pureftpd pure-ftpd 0.97.7
pureftpd pure-ftpd 0.98
pureftpd pure-ftpd 0.98
pureftpd pure-ftpd 0.98
pureftpd pure-ftpd 0.98.1
pureftpd pure-ftpd 0.98.2
pureftpd pure-ftpd 0.98.2
pureftpd pure-ftpd 0.98.3
pureftpd pure-ftpd 0.98.4
pureftpd pure-ftpd 0.98.5
pureftpd pure-ftpd 0.98.6
pureftpd pure-ftpd 0.98.7
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99.1
pureftpd pure-ftpd 0.99.1
pureftpd pure-ftpd 0.99.1
pureftpd pure-ftpd 0.99.2
pureftpd pure-ftpd 0.99.2
pureftpd pure-ftpd 0.99.3
pureftpd pure-ftpd 0.99.4
pureftpd pure-ftpd 0.99.9
pureftpd pure-ftpd 1.0.0
pureftpd pure-ftpd 1.0.1
pureftpd pure-ftpd 1.0.2
pureftpd pure-ftpd 1.0.3
pureftpd pure-ftpd 1.0.4
pureftpd pure-ftpd 1.0.5
pureftpd pure-ftpd 1.0.6
pureftpd pure-ftpd 1.0.7
pureftpd pure-ftpd 1.0.8
pureftpd pure-ftpd 1.0.9
pureftpd pure-ftpd 1.0.10
pureftpd pure-ftpd 1.0.11
pureftpd pure-ftpd 1.0.12
pureftpd pure-ftpd 1.0.13
pureftpd pure-ftpd 1.0.14
pureftpd pure-ftpd 1.0.15
pureftpd pure-ftpd 1.0.16
pureftpd pure-ftpd 1.0.16
pureftpd pure-ftpd 1.0.16
pureftpd pure-ftpd 1.0.17
pureftpd pure-ftpd 1.0.17
pureftpd pure-ftpd 1.0.18
pureftpd pure-ftpd 1.0.19
pureftpd pure-ftpd 1.0.20
pureftpd pure-ftpd 1.0.21
suse linux_enterprise_desktop 10
suse linux_enterprise_desktop 11
suse linux_enterprise_server 10
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5EC9019-1B5F-433E-8BD4-E9AAAAB902A0",
              "versionEndIncluding": "1.0.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA8918-A2CB-47A3-BEA5-012202416E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7AC08B4-58AC-415A-9B66-40A1E3CCD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "109D76F0-FB16-4DB5-8CD9-5FC4B7A888F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "D21A2797-A1E1-41D1-A4F9-88A6BDB39386",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F60D6F-5EED-4F98-B837-8DA704AE655E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6FB0AE1-D1C1-49BA-92EB-22610F805C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "BD46FE70-94F7-49A8-8C89-7D49D660A3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "63769E2B-D1EA-4A63-87C9-74791641C2A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "C656D161-2438-4ACA-AB14-2A9D86509870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "05B9AB24-3961-4BEF-A60E-99FE716DF9A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75803E7D-E4C4-429A-831D-E9BD35D3822F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF6AB58-64E1-4B6E-BE3A-F1EF3A4D6D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE4E7D4-64C3-401D-88BD-25480BB0353E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "68510DBF-72AE-468B-8105-69B6A57A04F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE75C61-AEB4-49FF-92F0-59BE2DC235A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "55A5149F-EFD9-47A6-9E0A-5CC527F692C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "1457138A-4081-455B-B5BA-28D7CC14EC6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "840635FC-4FDB-4198-A79B-792B643A9388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "82E5881B-7BCE-47A9-883E-0F5B9D223F81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "ED101A1B-A785-4F81-9C94-DB4F12BAA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "1664490B-CA34-44A3-8EEC-71A07799E870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C151E6E5-AC14-4C12-B1E4-4FDED6F5CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7E10AE-9B98-4801-91CD-F6EEC75B9C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFF21C85-76FC-463C-8661-60BE2D3CAC10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "21110017-470F-4C38-B09F-8DF94E48EFE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA24CD0-22DA-4689-981D-88FAA7FCC1C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1931478E-A672-4CF6-9BDC-B3C73B7DA5A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "71C4863E-76DA-4E38-B2C7-B30037633030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "1E60DE27-EE96-44D1-9469-ACB4EB03CCBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "2059AE45-9F9C-4D26-B53A-E61576EBF163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "7BD78C76-3679-47DD-B9A9-CDA0B34EEDEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:final:*:*:*:*:*:*",
              "matchCriteriaId": "6AC69E38-9872-460F-841B-BBE1110FC1B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "7F812030-6DC3-4A8C-824F-3185AC4F0619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "1917ECFC-BCD2-464C-B4C7-6D87A3B50DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A8D91C-EEEB-4F76-8010-2CB174A9B091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1831F7D-7366-4775-9B70-832F3BAB23E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:a:*:*:*:*:*:*",
              "matchCriteriaId": "FE763375-34A0-4D2D-BEC2-D9F9232A1D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C592B-1B02-49EE-9C82-2EA1B0F0F4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA327868-1A00-4BFE-AB29-3DBE57545EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "09575AA6-7F8C-4A9C-B781-C892B00C3035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3810E39-63C2-486A-9FFC-C7BBC6DCD455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E6BD24-3843-479E-9DD0-56C69F8A0B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E823CA-D59A-404F-A064-25F557BEBD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:a:*:*:*:*:*:*",
              "matchCriteriaId": "D4C84C4B-3133-4589-B17E-903F78086A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:b:*:*:*:*:*:*",
              "matchCriteriaId": "366DE55B-E2FC-4CA1-B35C-1F09942A31A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "A1B51DC2-7C58-4073-B352-02A0B56D447E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "209642A4-56B7-4345-B09D-57636A3D221F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD057E44-D7B8-414C-A21D-DEC8753F0C50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:a:*:*:*:*:*:*",
              "matchCriteriaId": "79BC687A-A16D-4923-B592-549E12272045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:b:*:*:*:*:*:*",
              "matchCriteriaId": "2C400CA8-7CE1-4E6D-ABAD-102E4BD12C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D968FE34-54C4-4C06-8EB7-0537EDAAD6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:a:*:*:*:*:*:*",
              "matchCriteriaId": "1C6966F1-F1F5-45F6-B446-8408EB1DE9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CAD1DE8-7D55-4C0B-B691-E8D8AA6E2689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70576B73-12AF-463B-96AB-18725ACDECFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F6EBD8-4BFD-49FC-A087-8698DB462880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3737B53D-E0BC-430F-9B00-5F13C15E3EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF48827A-8F95-4D07-BB35-AD43A048072B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10DB2640-6C1B-4B95-998C-3737809C9E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A4B5B69-85CF-40C8-BC79-C340A6445F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8992045B-1EC7-4254-966E-AECDAEFD950E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C4E0E1-FC73-4641-A7AC-47E25EAE251B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF00DCF7-A5B8-4B62-9F4F-EB2273589215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "947E46FD-1B9D-4F64-8C10-FF332796CFE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B72E9F25-975E-4609-A741-F472CEB53265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D76E5AE-B1D2-4362-915A-A6C15225F772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6BC5DF-3A1E-4B1F-87E9-857AE413841C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3928B3DD-CA7E-4204-A49A-7B6E1F973B47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "091BB6EB-7263-4DD2-8B57-B1FF73D61B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.13:a:*:*:*:*:*:*",
              "matchCriteriaId": "C462D2DB-B831-4395-A697-412AF5269E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C705AE7A-8F8B-49C1-BEA4-B1486AAE9E2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0AB8F16-5A30-4D85-A3E0-E8EECD5EEA69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:a:*:*:*:*:*:*",
              "matchCriteriaId": "893F2C07-21F3-4B1E-B295-6B4DD20B97B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:b:*:*:*:*:*:*",
              "matchCriteriaId": "A6F4CFB6-9BD7-467E-ACDD-879D782DD2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:c:*:*:*:*:*:*",
              "matchCriteriaId": "E10A65F7-517F-4966-B83F-7323C8ADA70C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76D15CD-FECF-435F-A7E4-54FE53638C1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:a:*:*:*:*:*:*",
              "matchCriteriaId": "F621BF1C-B9F1-4055-B5D8-6FC70BB3A6D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8669B8EC-482D-44CD-B30E-7D83423E1BC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67A0244-D65F-4CCE-A084-31AD9A3D9B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD2D751-2B85-428E-8766-36F92B338C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "579ECF9F-EBED-49BC-A804-86C71554D06C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:vmware:*:*:*:*:*",
              "matchCriteriaId": "B654E601-9B41-416B-9619-A60E6151EC68",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de salto de directorio en Pure-ftpd v1.0.22 y posiblemente en otras versiones, cuando se ejecutan en SUSE Linux Enterprise Server y posiblemente otros sistemas operativos y cuando la funci\u00f3n de servidor remoto Netware OES est\u00e1 activada, permite a usuarios locales sobreescribir ficheros arbitrarios a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2011-3171",
  "lastModified": "2024-11-21T01:29:53.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-04T21:55:02.550",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/49541"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
References
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://rhn.redhat.com/errata/RHSA-2013-0144.htmlThird Party Advisory
security@mozilla.orghttp://rhn.redhat.com/errata/RHSA-2013-0145.htmlThird Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2013/mfsa2013-02.htmlVendor Advisory
security@mozilla.orghttp://www.securityfocus.com/bid/57194Third Party Advisory, VDB Entry
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=803853Issue Tracking, Patch, Vendor Advisory
security@mozilla.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0144.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0145.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2013/mfsa2013-02.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57194Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=803853Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295",
              "versionEndExcluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320",
              "versionEndExcluding": "2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34",
              "versionEndExcluding": "17.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de la implementaci\u00f3n ~nsHTMLEditRules en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.12, Thunderbird ESR v10.x anterior a 10.0.12 y v17.x anterior a 17.0.1, y SeaMonkey anterior a v2.15 que permite a atacantes remotos permite a atacantes remotos ejecutar c\u00f3digo arbitrio o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-0766",
  "lastModified": "2024-11-21T01:48:10.023",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-13T20:55:02.337",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57194"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803853"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-19 21:59
Modified
2024-11-21 02:21
Severity ?
Summary
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
secalert@redhat.comhttp://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
secalert@redhat.comhttp://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2017-0680.html
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/Jun/18
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/Sep/7
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/01/19/11
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/01/20/1
secalert@redhat.comhttp://www.securityfocus.com/bid/83306
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2985-1
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2985-2
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:1916
secalert@redhat.comhttps://seclists.org/bugtraq/2019/Jun/14
secalert@redhat.comhttps://seclists.org/bugtraq/2019/Sep/7
secalert@redhat.comhttps://security.gentoo.org/glsa/201702-11
secalert@redhat.comhttps://sourceware.org/bugzilla/show_bug.cgi?id=16962
secalert@redhat.comhttps://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2017-0680.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Jun/18
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Sep/7
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/01/19/11
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/01/20/1
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/83306
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2985-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2985-2
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1916
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jun/14
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Sep/7
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201702-11
af854a3a-2127-422b-91ae-364da2661108https://sourceware.org/bugzilla/show_bug.cgi?id=16962
af854a3a-2127-422b-91ae-364da2661108https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.htmlVendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "1FADFCB2-7D70-4778-9199-516E667177C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "174A8501-CFE4-430E-BB1F-DDF89F94A117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "480C8C21-8DA3-4EF2-8BCF-7CED031A3B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1F33821F-22ED-4B6A-B70B-D38EDA658EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "10F15C47-008C-4FFC-980B-A14E176C1F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:lts:*:*:*",
              "matchCriteriaId": "380DDE38-767C-455A-8474-29BF32D66D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "01E21741-9D7D-42DD-B70D-5FD3053DE780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "FD3677E0-7423-452A-8C1E-A20C5CC34CA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D5BAC17C-EF31-4E94-9020-47B781AD94B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "ACC73EF8-7AD9-4113-9E3F-C93AF818CEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "51FA1B64-D002-41CC-908F-3798122ACD25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E32895-9C7B-4DE8-9BB5-0177406EB761",
              "versionEndIncluding": "2.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de buffer basado en pila en la GNU C Library (tambi\u00e9n conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbirario a trav\u00e9s de un argumento largo en la funci\u00f3n (1) nan, (2) nanf o (3) nanl."
    }
  ],
  "id": "CVE-2014-9761",
  "lastModified": "2024-11-21T02:21:36.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-19T21:59:00.113",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0680.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/18"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/19/11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/83306"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2985-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2985-2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:1916"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/Jun/14"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/Sep/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201702-11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0680.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/19/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/83306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2985-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2985-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:1916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Jun/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Sep/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201702-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-21 12:55
Modified
2024-11-21 01:45
Severity ?
Summary
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://osvdb.org/87588Broken Link
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-1482.htmlThird Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-1483.htmlThird Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51359Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51360Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51369Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51370Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51381Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51434Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51439Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51440Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2012:173Third Party Advisory
cve@mitre.orghttp://www.mozilla.org/security/announce/2012/mfsa2012-100.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/56631Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-2Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-3Third Party Advisory
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=805807Issue Tracking, Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/80178Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/87588Broken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1482.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1483.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51359Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51360Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51369Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51370Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51381Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51434Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51439Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51440Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:173Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2012/mfsa2012-100.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56631Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-3Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=805807Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80178Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D350E7E-4990-4C93-80AD-AC5C27040549",
              "versionEndExcluding": "10.0.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C27B04-A1E0-4930-AF63-E2B1E57F75BE",
              "versionEndExcluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DEF1D7-9412-4632-A689-AFD71FEFACC0",
              "versionEndExcluding": "2.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E5E742-2A0F-4483-A784-EACBEE1DF267",
              "versionEndExcluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "261324A9-B458-48B0-B8EC-5412FB8728E9",
              "versionEndExcluding": "10.0.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird antes de 17,0, Thunderbird ESR 10.x antes de 10.0.11, y SeaMonkey antes de 2.14 implementan envoltorios origen cruzado con un comportamiento de filtrado que no restringe correctamente las acciones de escritura, lo que permite a atacantes remotos realizar ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de un sitio web modificado."
    }
  ],
  "id": "CVE-2012-5841",
  "lastModified": "2024-11-21T01:45:21.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-21T12:55:03.697",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/87588"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51360"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51370"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51381"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51434"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51439"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51440"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56631"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1636-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805807"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/87588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1636-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-05-16 11:45
Modified
2024-11-21 01:53
Severity ?
Summary
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335.
References
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://rhn.redhat.com/errata/RHSA-2013-0825.htmlThird Party Advisory
psirt@adobe.comhttp://secunia.com/advisories/53442Broken Link
psirt@adobe.comhttp://www.adobe.com/support/security/bulletins/apsb13-14.htmlPatch, Vendor Advisory
psirt@adobe.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16407Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0825.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53442Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb13-14.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16407Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A",
              "versionEndExcluding": "10.3.183.86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "656D3B8A-252E-4688-B522-D83EEAB62C12",
              "versionEndExcluding": "11.7.700.202",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A",
              "versionEndExcluding": "10.3.183.86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A023F2-EFCA-4C4E-82DB-0738C9A0E25D",
              "versionEndExcluding": "11.2.202.285",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E6E433-4508-4AE4-9E48-2226D2325EA8",
              "versionEndExcluding": "11.1.111.54",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3C0381-865A-4176-A291-988E12612161",
              "versionEndIncluding": "2.3.7",
              "versionStartIncluding": "2.0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEB1CC1-D410-4157-8BF3-8EB8BAC444DD",
              "versionEndIncluding": "3.2.6",
              "versionStartIncluding": "3.0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21B67D38-F250-4D0C-8994-2C63C8461D88",
              "versionEndExcluding": "11.1.115.58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F15E5A-D7B0-4473-8C4A-777881C4B3BE",
              "versionEndIncluding": "4.2",
              "versionStartIncluding": "4.0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "534967F9-2F81-458E-952E-A40F5B7465D2",
              "versionEndExcluding": "3.7.0.1860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77100403-7C1C-4B88-BBC7-494722F2637B",
              "versionEndExcluding": "3.7.0.1860",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "237D0A52-5997-4557-9454-526BFDB64E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EDC8561-5E0A-4692-BB71-C88ED7A1229F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK \u0026 Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player antes de v10.3.183.86 y v11.x antes de v11.7.700.202 para Windows y Mac OS X, antes de v10.3.183.86 y v11.x antes de v11.2.202.285 para Linux, antes de v11.1.111.54 para Android v2.x y v3.x, y antes de v11.1.115.58 para Android v4.x; Adobe AIR before v3.7.0.1860; y Adobe AIR SDK \u0026 Compiler antes de v3.7.0.1860 permite a atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicios (consumo de memoria) a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, y CVE-2013-3335."
    }
  ],
  "id": "CVE-2013-3334",
  "lastModified": "2024-11-21T01:53:25.223",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-05-16T11:45:31.717",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/53442"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/53442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16407"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-12-15 03:57
Modified
2024-11-21 01:32
Severity ?
Summary
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
References
cret@cert.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.htmlMailing List, Third Party Advisory
cret@cert.orghttp://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.htmlMailing List, Third Party Advisory
cret@cert.orghttp://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.htmlMailing List, Third Party Advisory
cret@cert.orghttp://osvdb.org/77596Broken Link
cret@cert.orghttp://rhn.redhat.com/errata/RHSA-2015-0698.htmlThird Party Advisory
cret@cert.orghttp://secunia.com/advisories/47193Not Applicable
cret@cert.orghttp://secunia.com/advisories/47306Not Applicable
cret@cert.orghttp://secunia.com/advisories/47353Not Applicable
cret@cert.orghttp://www-01.ibm.com/support/docview.wss?uid=swg21660640Broken Link
cret@cert.orghttp://www.debian.org/security/2011/dsa-2371Third Party Advisory
cret@cert.orghttp://www.kb.cert.org/vuls/id/887409Third Party Advisory, US Government Resource
cret@cert.orghttp://www.oracle.com/technetwork/topics/security/cpujan2012-366304.htmlThird Party Advisory
cret@cert.orghttp://www.redhat.com/support/errata/RHSA-2011-1807.htmlThird Party Advisory
cret@cert.orghttp://www.redhat.com/support/errata/RHSA-2011-1811.htmlThird Party Advisory
cret@cert.orghttp://www.securityfocus.com/bid/50992Broken Link, VDB Entry
cret@cert.orghttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606Release Notes
cret@cert.orghttp://www.ubuntu.com/usn/USN-1315-1Third Party Advisory
cret@cert.orghttps://bugzilla.redhat.com/show_bug.cgi?id=747726Issue Tracking
cret@cert.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/71701Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/77596Broken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0698.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47193Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47306Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47353Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21660640Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2371Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/887409Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1807.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1811.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/50992Broken Link, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606Release Notes
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1315-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=747726Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/71701Third Party Advisory, VDB Entry



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C699BE-8585-4A07-88AE-E17CF17D92CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64AA8532-9055-4A9B-BC52-B6D0EDAB8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "506DA542-BD41-4102-A15E-481C81A0AB04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
              "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*",
              "matchCriteriaId": "A44C3422-0D42-473E-ABB4-279D7494EE2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*",
              "matchCriteriaId": "A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E8C91701-DF37-4F7B-AB9A-B1BFDB4991F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D986CAD0-F4E0-4F97-B240-8967CD4466FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n jpc_crg_getparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 utiliza un tipo de datos incorrecto durante un c\u00e1lculo determinado de tama\u00f1o, lo que permite a atacantes remotos provocar un desbordamiento de buffer de memoria din\u00e1mica y ejecutar c\u00f3digo arbitrario, o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica), a trav\u00e9s de un archivo JPEG2000 mal formado."
    }
  ],
  "id": "CVE-2011-4517",
  "lastModified": "2024-11-21T01:32:27.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-12-15T03:57:34.277",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/77596"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47193"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47306"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47353"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2371"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/887409"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50992"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.538606"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1315-1"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/77596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/887409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.538606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1315-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71701"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-15 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
References
secalert_us@oracle.comhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://secunia.com/advisories/61579Not Applicable
secalert_us@oracle.comhttp://secunia.com/advisories/62073Not Applicable
secalert_us@oracle.comhttp://security.gentoo.org/glsa/glsa-201411-02.xmlThird Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlVendor Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/70469Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61579Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62073Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201411-02.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/70469Third Party Advisory, VDB Entry



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6133CA80-A291-487F-AE06-85D4AA154727",
              "versionEndIncluding": "15.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF35B328-2B85-4093-9288-2EF6043AA8DF",
              "versionEndExcluding": "5.5.40",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C55CD8E-8ADC-470C-9042-5C63221A2F09",
              "versionEndExcluding": "10.0.15",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA995C3-9B96-4B6F-A3E9-587F8468F551",
              "versionEndIncluding": "5.5.39",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E71621-9463-4E83-A99C-1D51E6352770",
              "versionEndIncluding": "5.6.20",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Oracle MySQL Server 5.5.39 y anteriores y 5.6.20 y anteriores, permite a atacantes remotos afectar la disponibilidad a trav\u00e9s de vectores relacionados con CLIENT:SSL:yaSSL, una vulnerabilidad diferente a CVE-2014-6494."
    }
  ],
  "id": "CVE-2014-6496",
  "lastModified": "2024-11-21T02:14:30.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-15T22:55:06.077",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/61579"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/62073"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/61579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/62073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70469"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-09-08 20:00
Modified
2024-11-21 01:17
Severity ?
Summary
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
References
security@ubuntu.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde
security@ubuntu.comhttp://jon.oberheide.org/files/i-can-haz-modharden.cExploit, Mailing List, Third Party Advisory
security@ubuntu.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.htmlMailing List, Third Party Advisory
security@ubuntu.comhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.htmlMailing List, Third Party Advisory
security@ubuntu.comhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.htmlMailing List, Third Party Advisory
security@ubuntu.comhttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
security@ubuntu.comhttp://secunia.com/advisories/41512Broken Link
security@ubuntu.comhttp://www.debian.org/security/2010/dsa-2094Third Party Advisory
security@ubuntu.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53Broken Link
security@ubuntu.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21Broken Link
security@ubuntu.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6Broken Link
security@ubuntu.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4Broken Link
security@ubuntu.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:198Broken Link
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2010/08/20/2Mailing List, Third Party Advisory
security@ubuntu.comhttp://www.securityfocus.com/bid/42585Exploit, Third Party Advisory, VDB Entry
security@ubuntu.comhttp://www.vupen.com/english/advisories/2010/2430Broken Link
security@ubuntu.comhttp://www.vupen.com/english/advisories/2011/0298Broken Link
security@ubuntu.comhttps://bugzilla.redhat.com/show_bug.cgi?id=625699Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde
af854a3a-2127-422b-91ae-364da2661108http://jon.oberheide.org/files/i-can-haz-modharden.cExploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41512Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2094Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:198Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/08/20/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/42585Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2430Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0298Broken Link
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=625699Issue Tracking, Patch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FE382AE-9C6D-4BEB-8E3F-97B28833C183",
              "versionEndExcluding": "2.6.27.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE59977-7454-4176-A2D6-2302E120C851",
              "versionEndExcluding": "2.6.32.21",
              "versionStartIncluding": "2.6.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D85B69-8DB7-4D3E-9354-CCBC549E7370",
              "versionEndExcluding": "2.6.34.6",
              "versionStartIncluding": "2.6.34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7A5EF87-D414-4E4D-A558-FDD6D1910A08",
              "versionEndExcluding": "2.6.35.4",
              "versionStartIncluding": "2.6.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EB74DEB4-2BD1-4A65-AFDA-C331BC20C178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "947E05EB-6995-47C1-BE9A-D22E3810533D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enterno en net/can/bcm en la implementaci\u00f3n Controller Area Network (CAN) del kernel de Linux anterior a v2.6.27.53, v2.6.32.x anterior a v2.6.32.21, v2.6.34.x anterior a v2.6.34.6, y v2.6.35.x anterior a v2.6.35.4, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema) a trav\u00e9s de tr\u00e1fico CAN manipulado."
    }
  ],
  "id": "CVE-2010-2959",
  "lastModified": "2024-11-21T01:17:44.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-09-08T20:00:03.760",
  "references": [
    {
      "source": "security@ubuntu.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://jon.oberheide.org/files/i-can-haz-modharden.c"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/41512"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2094"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/08/20/2"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42585"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2430"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://jon.oberheide.org/files/i-can-haz-modharden.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/41512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/08/20/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625699"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-05-16 11:45
Modified
2024-11-21 01:53
Severity ?
Summary
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
References
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.htmlMailing List, Third Party Advisory
psirt@adobe.comhttp://rhn.redhat.com/errata/RHSA-2013-0825.htmlThird Party Advisory
psirt@adobe.comhttp://secunia.com/advisories/53442Broken Link
psirt@adobe.comhttp://www.adobe.com/support/security/bulletins/apsb13-14.htmlPatch, Vendor Advisory
psirt@adobe.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16846Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0825.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53442Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb13-14.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16846Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A",
              "versionEndExcluding": "10.3.183.86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "656D3B8A-252E-4688-B522-D83EEAB62C12",
              "versionEndExcluding": "11.7.700.202",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A",
              "versionEndExcluding": "10.3.183.86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A023F2-EFCA-4C4E-82DB-0738C9A0E25D",
              "versionEndExcluding": "11.2.202.285",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E6E433-4508-4AE4-9E48-2226D2325EA8",
              "versionEndExcluding": "11.1.111.54",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3C0381-865A-4176-A291-988E12612161",
              "versionEndIncluding": "2.3.7",
              "versionStartIncluding": "2.0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEB1CC1-D410-4157-8BF3-8EB8BAC444DD",
              "versionEndIncluding": "3.2.6",
              "versionStartIncluding": "3.0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21B67D38-F250-4D0C-8994-2C63C8461D88",
              "versionEndExcluding": "11.1.115.58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F15E5A-D7B0-4473-8C4A-777881C4B3BE",
              "versionEndIncluding": "4.2",
              "versionStartIncluding": "4.0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "534967F9-2F81-458E-952E-A40F5B7465D2",
              "versionEndExcluding": "3.7.0.1860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77100403-7C1C-4B88-BBC7-494722F2637B",
              "versionEndExcluding": "3.7.0.1860",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "237D0A52-5997-4557-9454-526BFDB64E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EDC8561-5E0A-4692-BB71-C88ED7A1229F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK \u0026 Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player antes de v10.3.183.86 y v11.x antes de v11.7.700.202 para Windows y Mac OS X, antes de v10.3.183.86 y v11.x antes de v11.2.202.285 para Linux, antes de v11.1.111.54 para Android v2.x y v3.x, y antes de v11.1.115.58 para Android v4.x; Adobe AIR before v3.7.0.1860; y Adobe AIR SDK \u0026 Compiler antes de v3.7.0.1860 permite a atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicios (consumo de memoria) a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a  CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, y CVE-2013-3335"
    }
  ],
  "id": "CVE-2013-3331",
  "lastModified": "2024-11-21T01:53:24.823",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-05-16T11:45:31.643",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/53442"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/53442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16846"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2013/mfsa2013-01.htmlVendor Advisory
security@mozilla.orghttp://www.palemoon.org/releasenotes-ng.shtmlBroken Link
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=785358Issue Tracking, Patch, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=794426Issue Tracking, Patch, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=805745Exploit, Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=805814Exploit, Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=808481Issue Tracking, Patch, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=812847Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=814407Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=814839Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=816994Issue Tracking, Vendor Advisory
security@mozilla.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2013/mfsa2013-01.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.palemoon.org/releasenotes-ng.shtmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=785358Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=794426Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=805745Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=805814Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=808481Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=812847Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=814407Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=814839Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=816994Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295",
              "versionEndExcluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320",
              "versionEndExcluding": "2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34",
              "versionEndExcluding": "17.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades sin especificar en el motor de navegaci\u00f3n en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y SeaMonkey anterior a 2.15, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2013-0749",
  "lastModified": "2024-11-21T01:48:07.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-13T20:55:01.667",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.palemoon.org/releasenotes-ng.shtml"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.palemoon.org/releasenotes-ng.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-06-10 00:30
Modified
2024-11-21 01:12
Severity ?
Summary
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.htmlThird Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.htmlThird Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlThird Party Advisory
cve@mitre.orghttp://secunia.com/advisories/40070Broken Link
cve@mitre.orghttp://secunia.com/advisories/40084Broken Link
cve@mitre.orghttp://secunia.com/advisories/40104Broken Link
cve@mitre.orghttp://secunia.com/advisories/40107Broken Link
cve@mitre.orghttp://secunia.com/advisories/41818Broken Link
cve@mitre.orghttp://secunia.com/advisories/60799Broken Link
cve@mitre.orghttp://ubuntu.com/usn/usn-949-1Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2010/dsa-2055Third Party Advisory
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-201408-19.xmlThird Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2010:221Broken Link
cve@mitre.orghttp://www.openoffice.org/security/cves/CVE-2010-0395.htmlVendor Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlThird Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2010-0459.htmlBroken Link
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA10-287A.htmlThird Party Advisory, US Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1350Broken Link, Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1353Broken Link
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1366Broken Link
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1369Broken Link
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/2905Broken Link
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=574119Issue Tracking, Third Party Advisory
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091Tool Signature
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40070Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40084Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40104Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40107Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41818Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60799Broken Link
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-949-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2055Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-201408-19.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:221Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openoffice.org/security/cves/CVE-2010-0395.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0459.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1350Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1353Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1366Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1369Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2905Broken Link
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=574119Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091Tool Signature



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*",
              "matchCriteriaId": "CC6C1408-671A-4436-A825-12170CFB5C9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C58D20E-D9F0-4E58-A3C3-2E34C5629324",
              "versionEndExcluding": "3.2.1",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed."
    },
    {
      "lang": "es",
      "value": "OpenOffice.org v2.x y v3.0 anterior v3.2.1 permite a atacantes remotos asistidos por usuarios supera las restricciones macro de seguridad de Python y ejecutar c\u00f3digo Python de su elecci\u00f3n a trav\u00e9s de un fichero de texto OpenDocument manipulado lo cual ocasiona la ejecuci\u00f3n de c\u00f3digo cuando la estructura directorio macro es previsualizada."
    }
  ],
  "id": "CVE-2010-0395",
  "lastModified": "2024-11-21T01:12:07.833",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-06-10T00:30:07.317",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40070"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40084"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40104"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40107"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/41818"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-949-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2055"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2010-0395.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0459.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1350"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1353"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1366"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2905"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=574119"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/41818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-949-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2010-0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0459.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=574119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}