Vulnerabilites related to suse - linux_enterprise_desktop
Vulnerability from fkie_nvd
Published
2010-12-30 19:00
Modified
2024-11-21 01:19
Severity ?
Summary
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_real_time_extension | 11 | |
suse | linux_enterprise_server | 9 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_software_development_kit | 10 | |
debian | debian_linux | 5.0 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 9.10 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "056295BE-D525-4749-887C-CDE2755A6FA6", "versionEndExcluding": "2.6.36.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field." }, { "lang": "es", "value": "La funci\u00f3n econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando se configura una direcci\u00f3n econet, permite a usuarios locales causar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y OOPS) a trav\u00e9s de una llamada sendmsg que especifica un valor NULL para el campo de direcci\u00f3n remota." } ], "id": "CVE-2010-3849", "lastModified": "2024-11-21T01:19:44.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-30T19:00:03.533", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html" }, { "source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2010/11/30/1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43056" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43291" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2126" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1023-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0213" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0375" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2010/11/30/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1023-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-19 10:55
Modified
2024-11-21 02:04
Severity ?
Summary
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 11 | |
oracle | solaris | 11.3 | |
opensuse | opensuse | 13.1 | |
opensuse_project | opensuse | 11.4 | |
opensuse_project | opensuse | 12.3 | |
mozilla | seamonkey | * | |
mozilla | firefox | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse_project:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE8EFFB8-9411-4826-9BFC-A06BA042FC30", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B91DE6A-D759-4B2C-982B-AF036B43798D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "097F1C3A-4546-43F3-8CC2-50F8AF05B791", "versionEndExcluding": "2.25", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "422EC5FE-DA03-4C14-ADED-D6212BE074D5", "versionEndExcluding": "28.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm." }, { "lang": "es", "value": "El m\u00e9todo crypto.generateCRMFRequest en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no valida debidamente cierto tipo de clave, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores que provocan la generaci\u00f3n de una clave que soporta el algoritmo Elliptic Curve ec-dual-use." } ], "id": "CVE-2014-1498", "lastModified": "2024-11-21T02:04:24.647", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-19T10:55:06.350", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-06-16 14:59
Modified
2024-11-21 02:51
Severity ?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*", "matchCriteriaId": "39AF0D5D-0C43-4290-B815-19DB07A2FC1A", "versionEndIncluding": "21.0.0.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC2F8B78-73CC-44EC-BACF-A2878252992B", "versionEndIncluding": "21.0.0.242", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false }, { "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*", "matchCriteriaId": "E51D60E3-00C6-459E-B2B9-CA7E25D02FDA", "versionEndIncluding": "21.0.0.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*", "matchCriteriaId": "B1E62C9B-698D-4B21-B513-11F59AC95187", "versionEndIncluding": "21.0.0.242", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "363B5A6C-BEE3-4141-8CDD-C1EA06FAD441", "versionEndIncluding": "11.2.202.621", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*", "matchCriteriaId": "80E80DEC-4724-49F4-BD19-4687A83CA56E", "versionEndIncluding": "18.0.0.352", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "ED540469-C4DD-485D-9B89-6877B2A74217", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*", "matchCriteriaId": "6EC5FACD-13BC-44E3-8EE1-032CE02760DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "matchCriteriaId": "5F2558DF-2D1F-46BA-ABF1-08522D33268E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librer\u00edas Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083." } ], "id": "CVE-2016-4147", "lastModified": "2024-11-21T02:51:29.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-06-16T14:59:29.107", "references": [ { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036117" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1238" }, { "source": "psirt@adobe.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" }, { "source": "psirt@adobe.com", "tags": [ "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" } ], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-23 11:03
Modified
2024-11-21 01:54
Severity ?
Summary
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03D3F84F-3F6E-4DF1-B162-152293D951EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAD59912-7325-4AE1-ACCF-D4F804AF3947", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "62783157-E3B6-4A23-8D2F-1FBD0762E9A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "14CC0D53-8AB8-4D44-82BB-0E6A974C36AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "91A3129F-17A6-4F32-BD5D-34E4A1D1A840", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CC7CD279-54B6-4F6B-AE14-299FB319C690", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "0EA269CA-4676-4008-89EF-20FAB89886A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "D22105B6-1378-4E1C-B28A-FCAE00A2D5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "601762D3-1188-4945-931D-EB8DAC2847A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA4A30A6-498C-46B8-8EFC-45EB13354EAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "414CC00A-C797-4C34-8709-75DC061DCDE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "4401B967-0550-44F1-8753-9632120D2A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "4961693D-F56C-46CD-B721-6A15E2837C17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA4FBB66-CF6A-42D2-B122-1861F4139E75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "14AD4A87-382A-41F0-96D8-0F0A9B738773", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "33701DDF-6882-41D3-A11B-A1F4585A77A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "25C58BBA-06AC-40CD-A906-FD1B3B0AAB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "76C5B430-EE11-4674-B4B0-895D66E3B32F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1837D84-6B4F-40D8-9A3F-71C328F659BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D20A369B-2168-4883-A84C-BB48A71AFB33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "3628AAB4-E524-46E5-AAF4-1980256F13CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "30DC9FE3-CDE9-4F83-989B-4E431BA18B56", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C17B1C6B-04CE-49FB-B9BD-98ECD626B26F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "81F529EB-2BCA-4E3E-93E4-2A9880CDA367", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7694638C-CDAC-44DF-B9F9-F7237CD98017", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "23903A3C-1760-4836-BAE6-BDD32CBB4CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "2477E033-D26B-4D71-839B-5FE4B0927559", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CAB7BF-265E-411D-A584-E78DE171F065", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E45F670-232F-4CE5-8926-6463E5619506", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B70E6E3-15B3-4D48-AE49-B9184A58EECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5BCE3FD-B89B-4141-8103-9DB941AD60D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "8EADFB3B-738F-4919-B165-9ECEED46EA6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "B23A5431-E599-4848-AB83-B299898F5EF0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8BF650-B8F5-467E-8DBF-81788B55F345", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1752A831-916F-4A7D-8AAE-1CEFACC51F91", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C9744C4-76BE-428B-AFF2-5BCE00A58322", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "48B1DE45-90F9-416B-9087-8AEF5B0A3C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EF6A045-0DF6-463B-A0DB-6C31D8C2984C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A731493C-9B46-4105-9902-B15BA0E0FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "49454369-A494-4EAA-88D5-181570DEBB4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*", "matchCriteriaId": "04C71221-E477-4DF8-B10A-3AC64511E4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*", "matchCriteriaId": "FF7DE0E6-F329-417B-8035-B4EBF9C97483", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*", "matchCriteriaId": "220536FA-695D-4DE8-9813-494E3D061B78", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*", "matchCriteriaId": "ACB55CC5-0EC7-44B2-B5A9-A5B1EE584791", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*", "matchCriteriaId": "4F6B5E73-6751-475A-B9BF-3414D3476208", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*", "matchCriteriaId": "7CB654DC-1D3D-4475-8815-335AC573F54C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF26274E-5364-4FC1-9603-A78C365596DB", "versionEndIncluding": "r27.7.6", "versionStartIncluding": "r27.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "matchCriteriaId": "583E7A18-48C5-4AEE-A9C1-239D678E275A", "versionEndIncluding": "r28.2.8", "versionStartIncluding": "r28.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF65201D-8980-450A-A542-3B5473A6F374", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E51D5AEF-B3D4-4782-9988-BC1DB3F3F296", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E179FC2F-C700-4998-9D7A-3B945874CAC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2341D5E7-15CD-4C8F-ABE8-AA915BFA2804", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "474DC3BA-27F2-452A-85AD-BCC476EDD35B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "997CA07C-EBB7-4D7F-AF23-A161817BF4A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BFE87FC-7B77-4840-8185-1707CB37323B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C77DD8B3-A227-4350-8699-FEC822119393", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1FA56704-18EB-4F3B-A36F-BCEF67B07C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "420CC5FF-0300-4FA7-AB53-78C1A0B83C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B7132A0E-C2A1-403E-9516-A6911563D7B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F32CA797-ED68-426E-9370-E16C90075E01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "40363692-5283-4D0C-BAE1-C049C02A0294", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1554D69E-D68E-46CA-B1F7-C24CAABF58E8", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "252CF7A7-3FEB-4503-AEE8-B67139C5B0D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "79D7DBBA-6849-45F7-AFEF-C765569C481A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "2C634990-2690-4E3B-B21F-6687A6A34644", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "73B7BC23-6CCA-41B2-8F61-EDB95F1AFB1D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", "matchCriteriaId": "CED02712-1031-4206-AC4D-E68710F46EC9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CFD62E4-794A-43C0-8C65-A44D970D1569", "versionEndExcluding": "2.12.0", "versionStartIncluding": "2.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names." }, { "lang": "es", "value": "XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se emple\u00f3 en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, as\u00ed como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegaci\u00f3n de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML." } ], "id": "CVE-2013-4002", "lastModified": "2024-11-21T01:54:41.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-07-23T11:03:19.790", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Broken Link", "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2" }, { "source": "psirt@us.ibm.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/56257" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5982" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/61310" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2033-1" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2089-1" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260" }, { "source": "psirt@us.ibm.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/XERCESJ-1679" }, { "source": "psirt@us.ibm.com", "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E" }, { "source": "psirt@us.ibm.com", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "psirt@us.ibm.com", "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "psirt@us.ibm.com", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/56257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/61310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2033-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2089-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/XERCESJ-1679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-16 11:45
Modified
2024-11-21 01:53
Severity ?
Summary
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adobe | flash_player | * | |
adobe | flash_player | * | |
apple | mac_os_x | * | |
microsoft | windows | * | |
adobe | flash_player | * | |
adobe | flash_player | * | |
linux | linux_kernel | * | |
adobe | flash_player | * | |
android | * | ||
android | * | ||
adobe | flash_player | * | |
android | * | ||
adobe | adobe_air | * | |
adobe | adobe_air_sdk | * | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 5.9 | |
redhat | enterprise_linux_eus | 6.4 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_eus | 5.9 | |
redhat | enterprise_linux_server_eus | 6.4 | |
redhat | enterprise_linux_workstation | 6.0 | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 12.3 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A", "versionEndExcluding": "10.3.183.86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "656D3B8A-252E-4688-B522-D83EEAB62C12", "versionEndExcluding": "11.7.700.202", "versionStartIncluding": "11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A", "versionEndExcluding": "10.3.183.86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1A023F2-EFCA-4C4E-82DB-0738C9A0E25D", "versionEndExcluding": "11.2.202.285", "versionStartIncluding": "11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "01E6E433-4508-4AE4-9E48-2226D2325EA8", "versionEndExcluding": "11.1.111.54", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F3C0381-865A-4176-A291-988E12612161", "versionEndIncluding": "2.3.7", "versionStartIncluding": "2.0", "vulnerable": false }, { "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBEB1CC1-D410-4157-8BF3-8EB8BAC444DD", "versionEndIncluding": "3.2.6", "versionStartIncluding": "3.0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "21B67D38-F250-4D0C-8994-2C63C8461D88", "versionEndExcluding": "11.1.115.58", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "28F15E5A-D7B0-4473-8C4A-777881C4B3BE", "versionEndIncluding": "4.2", "versionStartIncluding": "4.0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*", "matchCriteriaId": "534967F9-2F81-458E-952E-A40F5B7465D2", "versionEndExcluding": "3.7.0.1860", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "77100403-7C1C-4B88-BBC7-494722F2637B", "versionEndExcluding": "3.7.0.1860", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "237D0A52-5997-4557-9454-526BFDB64E12", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC8561-5E0A-4692-BB71-C88ED7A1229F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK \u0026 Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335." }, { "lang": "es", "value": "Adobe Flash Player antes de v10.3.183.86 y v11.x antes de v11.7.700.202 para Windows y Mac OS X, antes de v10.3.183.86 y v11.x antes de v11.2.202.285 para Linux, antes de v11.1.111.54 para Android v2.x y v3.x, y antes de v11.1.115.58 para Android v4.x; Adobe AIR before v3.7.0.1860; y Adobe AIR SDK \u0026 Compiler antes de v3.7.0.1860 permite a atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicios (consumo de memoria) a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, y CVE-2013-3335." } ], "id": "CVE-2013-3327", "lastModified": "2024-11-21T01:53:24.273", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-05-16T11:45:31.560", "references": [ { "source": "psirt@adobe.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" }, { "source": "psirt@adobe.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" }, { "source": "psirt@adobe.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/53442" }, { "source": "psirt@adobe.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16897" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/53442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16897" } ], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-15 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.
References
▼ | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | Mailing List, Third Party Advisory | |
secalert_us@oracle.com | http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | Patch, Vendor Advisory | |
secalert_us@oracle.com | http://www.securityfocus.com/bid/70511 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70511 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | mysql | * | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | linux_enterprise_workstation_extension | 12 | |
mariadb | mariadb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1A7C5B0-7426-48BB-B5BD-F423663A0786", "versionEndIncluding": "5.6.19", "versionStartIncluding": "5.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "504AA794-4421-422D-A1C7-BB5AE334FD55", "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en Oracle MySQL Server 5.6.19 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a trav\u00e9s de vectores relacionados con SERVER:INNODB FULLTEXT SEARCH DML." } ], "id": "CVE-2014-6564", "lastModified": "2024-11-21T02:14:39.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-15T22:55:08.627", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70511" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-07 14:55
Modified
2025-02-07 14:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
redhat | enterprise_linux_server_aus | 6.2 | |
opensuse | opensuse | 11.4 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_high_availability_extension | 11 | |
suse | linux_enterprise_real_time_extension | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
oracle | linux | 5 | |
oracle | linux | 6 |
{ "cisaActionDue": "2022-06-15", "cisaExploitAdd": "2022-05-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C788C70-FEF6-43C2-BF1B-9F6BAC084B49", "versionEndExcluding": "3.2.60", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB7FAE85-A7F7-403F-B3F8-51D26A7AD5CF", "versionEndExcluding": "3.4.92", "versionStartIncluding": "3.3", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F7D3761-1031-4407-9D83-51387E0EFAE3", "versionEndExcluding": "3.10.42", "versionStartIncluding": "3.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "865055FF-2CF7-477F-A939-DE7EB4F0F88D", "versionEndExcluding": "3.12.22", "versionStartIncluding": "3.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "281F5CC1-AF2E-4076-A09D-3E808A9F6896", "versionEndExcluding": "3.14.6", "versionStartIncluding": "3.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification." }, { "lang": "es", "value": "La funci\u00f3n futex_requeue en kernel/futex.c en el kernel de Linux hasta 3.14.5 no asegura que las llamadas tengan dos direcciones futex diferentes, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de un comando FUTEX_REQUEUE manipulado que facilita la modificaci\u00f3n insegura del objeto o funci\u00f3n a la espera." } ], "id": "CVE-2014-3153", "lastModified": "2025-02-07T14:57:04.983", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2014-06-07T14:55:27.240", "references": [ { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2014/06/05/24" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2014/06/06/20" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/58500" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/58990" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59029" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59092" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59153" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59262" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59309" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59386" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59599" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Exploit" ], "url": "http://www.debian.org/security/2014/dsa-2949" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/35370" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/67906" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1030451" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2237-1" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2240-1" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Exploit" ], "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/elongl/CVE-2014-3153" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Patch" ], "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2014/06/05/24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2014/06/06/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/58500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/58990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.debian.org/security/2014/dsa-2949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/35370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/67906" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1030451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2237-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2240-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/elongl/CVE-2014-3153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 5.9 | |
redhat | enterprise_linux_eus | 6.3 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_aus | 5.9 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295", "versionEndExcluding": "18.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320", "versionEndExcluding": "2.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34", "versionEndExcluding": "17.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements." }, { "lang": "es", "value": "Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y 17.x anterior a v17.0.2, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar c\u00f3digo JavaScript de su elecci\u00f3n con privilegios chrome utilizando una interacci\u00f3n inapropiada entre los objetos de plugin y elementos SVG." } ], "id": "CVE-2013-0758", "lastModified": "2024-11-21T01:48:08.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-13T20:55:02.040", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-15.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=813906" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-15.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=813906" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-11 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 13.1 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 11 | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
canonical | ubuntu_linux | 13.04 | |
canonical | ubuntu_linux | 13.10 | |
fedoraproject | fedora | 19 | |
fedoraproject | fedora | 20 | |
oracle | solaris | 11.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "50A3A702-C2B1-4311-9EBC-D62079E3DCD5", "versionEndExcluding": "26.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D337932C-EF9D-4511-87DB-54262C6635D9", "versionEndExcluding": "2.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de enteros en la implementaci\u00f3n binary-search de SpiderMonkey de Mozilla Firefox anterior a la versi\u00f3n 26.0 y SeaMonkey anterior a 2.23 podr\u00eda permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a array fuera de l\u00edmites) o posiblemente tener otro impacto no especificado a trav\u00e9s de c\u00f3digo JavaScript." } ], "id": "CVE-2013-5619", "lastModified": "2024-11-21T01:57:50.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-11T15:55:13.073", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029470" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029476" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2052-1" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2052-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-21 12:55
Modified
2024-11-21 01:42
Severity ?
Summary
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 6.3 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "23C27B04-A1E0-4930-AF63-E2B1E57F75BE", "versionEndExcluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "46BBBC83-F777-4899-9F6A-094CDD9CFF0F", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9DEF1D7-9412-4632-A689-AFD71FEFACC0", "versionEndExcluding": "2.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E5E742-2A0F-4483-A784-EACBEE1DF267", "versionEndExcluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "828E00D1-8F2A-43AF-93DB-B1985CE68A8A", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "F084E6C1-8DB0-4D1F-B8EB-5D2CD9AD6E87", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin." }, { "lang": "es", "value": "Mozilla Firefox anterior a v17.0, Firefox ESR v10.x anterior a v10.0.11, Thunderbird anterior a v17.0, Thunderbird ESR v10.x anterior a v10.0.11, y SeaMonkey anterior a v2.14 no previene el uso del valor del nombre de atributo de marco \"top\" para acceder a la localizaci\u00f3n correctamente, lo que hace mas f\u00e1cil para atacantes remotos llevar a cabo ataques XSS mediante vectores que comprenden un plugin binario." } ], "id": "CVE-2012-4209", "lastModified": "2024-11-21T01:42:25.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-11-21T12:55:02.180", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51359" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51360" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51369" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51370" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51381" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51434" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51439" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51440" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56629" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-11-30 22:14
Modified
2024-11-21 01:20
Severity ?
Summary
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
opensuse | opensuse | 11.2 | |
opensuse | opensuse | 11.3 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_real_time_extension | 11 | |
suse | linux_enterprise_server | 9 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_software_development_kit | 10 | |
debian | debian_linux | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8DCE5E2-B055-4F05-8F0F-F19D1B7BA8D7", "versionEndExcluding": "2.6.36", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*", "matchCriteriaId": "D4407EF9-4ECF-408F-9ECB-0705E3FB65D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*", "matchCriteriaId": "DBE26099-6D2C-4FAF-B15C-CBF985D59171", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*", "matchCriteriaId": "F2C193FF-3723-4BE9-8787-DED7D455FA8F", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*", "matchCriteriaId": "F874FE6A-968D-47E1-900A-E154E41EDAF8", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*", "matchCriteriaId": "14B7B8AE-CE83-4F0E-9138-6F165D97C19F", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc5:*:*:*:*:*:*", "matchCriteriaId": "B434ACFB-2B01-491A-B2E5-40FA0E11B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call." }, { "lang": "es", "value": "La funci\u00f3n snd_hdspm_hwdep_ioctl en sound/pci/rme9652/hdspm.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la pila de la memoria del kernel a trav\u00e9s de una llamada ioctl SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO.\r\n" } ], "id": "CVE-2010-4081", "lastModified": "2024-11-21T01:20:12.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-11-30T22:14:00.630", "references": [ { "source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://lkml.org/lkml/2010/9/25/41" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42778" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42801" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42884" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42890" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43291" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46397" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2126" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/45063" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0012" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0375" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://lkml.org/lkml/2010/9/25/41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/45063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648670" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-909" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-06-16 14:59
Modified
2024-11-21 02:51
Severity ?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*", "matchCriteriaId": "39AF0D5D-0C43-4290-B815-19DB07A2FC1A", "versionEndIncluding": "21.0.0.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC2F8B78-73CC-44EC-BACF-A2878252992B", "versionEndIncluding": "21.0.0.242", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false }, { "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*", "matchCriteriaId": "E51D60E3-00C6-459E-B2B9-CA7E25D02FDA", "versionEndIncluding": "21.0.0.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*", "matchCriteriaId": "B1E62C9B-698D-4B21-B513-11F59AC95187", "versionEndIncluding": "21.0.0.242", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "363B5A6C-BEE3-4141-8CDD-C1EA06FAD441", "versionEndIncluding": "11.2.202.621", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*", "matchCriteriaId": "80E80DEC-4724-49F4-BD19-4687A83CA56E", "versionEndIncluding": "18.0.0.352", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "ED540469-C4DD-485D-9B89-6877B2A74217", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:-:*:*:*:*:*:*:*", "matchCriteriaId": "6EC5FACD-13BC-44E3-8EE1-032CE02760DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "matchCriteriaId": "5F2558DF-2D1F-46BA-ABF1-08522D33268E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librer\u00edas Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083." } ], "id": "CVE-2016-4142", "lastModified": "2024-11-21T02:51:28.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-06-16T14:59:23.793", "references": [ { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036117" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1238" }, { "source": "psirt@adobe.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" }, { "source": "psirt@adobe.com", "tags": [ "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" } ], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-02 16:59
Modified
2024-11-21 02:20
Severity ?
Summary
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | linux_enterprise_desktop | 12 | |
suse | suse_linux_enterprise_server | 12 | |
mutt | mutt | 1.5.23 | |
debian | debian_linux | 7.0 | |
mageia | mageia | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mutt:mutt:1.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "D87E6616-6B05-4F99-88CE-E33C7F7601F1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function." }, { "lang": "es", "value": "La funci\u00f3n write_one_header en mutt 1.5.23 no maneja correctamente los caracteres de l\u00ednea nueva al inicio de una cabecera, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una cabecera con el cuerpo vac\u00edo, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n mutt_substrdup." } ], "id": "CVE-2014-9116", "lastModified": "2024-11-21T02:20:14.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-02T16:59:08.150", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0509.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://dev.mutt.org/trac/ticket/3716" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3083" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/71334" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1031266" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201701-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0509.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://dev.mutt.org/trac/ticket/3716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/71334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1031266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-04" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-11-04 21:55
Modified
2024-11-21 01:29
Severity ?
Summary
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5EC9019-1B5F-433E-8BD4-E9AAAAB902A0", "versionEndIncluding": "1.0.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "1BAA8918-A2CB-47A3-BEA5-012202416E2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "E7AC08B4-58AC-415A-9B66-40A1E3CCD0F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "109D76F0-FB16-4DB5-8CD9-5FC4B7A888F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "D21A2797-A1E1-41D1-A4F9-88A6BDB39386", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "A6F60D6F-5EED-4F98-B837-8DA704AE655E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "B6FB0AE1-D1C1-49BA-92EB-22610F805C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre1:*:*:*:*:*:*", "matchCriteriaId": "BD46FE70-94F7-49A8-8C89-7D49D660A3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre2:*:*:*:*:*:*", "matchCriteriaId": "63769E2B-D1EA-4A63-87C9-74791641C2A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre3:*:*:*:*:*:*", "matchCriteriaId": "C656D161-2438-4ACA-AB14-2A9D86509870", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre4:*:*:*:*:*:*", "matchCriteriaId": "05B9AB24-3961-4BEF-A60E-99FE716DF9A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*", "matchCriteriaId": "75803E7D-E4C4-429A-831D-E9BD35D3822F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*", "matchCriteriaId": "0AF6AB58-64E1-4B6E-BE3A-F1EF3A4D6D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "AEE4E7D4-64C3-401D-88BD-25480BB0353E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:pre1:*:*:*:*:*:*", "matchCriteriaId": "68510DBF-72AE-468B-8105-69B6A57A04F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DE75C61-AEB4-49FF-92F0-59BE2DC235A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre1:*:*:*:*:*:*", "matchCriteriaId": "55A5149F-EFD9-47A6-9E0A-5CC527F692C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre2:*:*:*:*:*:*", "matchCriteriaId": "1457138A-4081-455B-B5BA-28D7CC14EC6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre3:*:*:*:*:*:*", "matchCriteriaId": "840635FC-4FDB-4198-A79B-792B643A9388", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre4:*:*:*:*:*:*", "matchCriteriaId": "82E5881B-7BCE-47A9-883E-0F5B9D223F81", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre5:*:*:*:*:*:*", "matchCriteriaId": "ED101A1B-A785-4F81-9C94-DB4F12BAA088", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*", "matchCriteriaId": "1664490B-CA34-44A3-8EEC-71A07799E870", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "C151E6E5-AC14-4C12-B1E4-4FDED6F5CF33", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E10AE-9B98-4801-91CD-F6EEC75B9C0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFF21C85-76FC-463C-8661-60BE2D3CAC10", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "21110017-470F-4C38-B09F-8DF94E48EFE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*", "matchCriteriaId": "2BA24CD0-22DA-4689-981D-88FAA7FCC1C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*", "matchCriteriaId": "1931478E-A672-4CF6-9BDC-B3C73B7DA5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*", "matchCriteriaId": "71C4863E-76DA-4E38-B2C7-B30037633030", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre1:*:*:*:*:*:*", "matchCriteriaId": "1E60DE27-EE96-44D1-9469-ACB4EB03CCBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre2:*:*:*:*:*:*", "matchCriteriaId": "2059AE45-9F9C-4D26-B53A-E61576EBF163", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre3:*:*:*:*:*:*", "matchCriteriaId": "7BD78C76-3679-47DD-B9A9-CDA0B34EEDEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:final:*:*:*:*:*:*", "matchCriteriaId": "6AC69E38-9872-460F-841B-BBE1110FC1B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre1:*:*:*:*:*:*", "matchCriteriaId": "7F812030-6DC3-4A8C-824F-3185AC4F0619", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre2:*:*:*:*:*:*", "matchCriteriaId": "1917ECFC-BCD2-464C-B4C7-6D87A3B50DC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "57A8D91C-EEEB-4F76-8010-2CB174A9B091", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1831F7D-7366-4775-9B70-832F3BAB23E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:a:*:*:*:*:*:*", "matchCriteriaId": "FE763375-34A0-4D2D-BEC2-D9F9232A1D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "962C592B-1B02-49EE-9C82-2EA1B0F0F4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA327868-1A00-4BFE-AB29-3DBE57545EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "09575AA6-7F8C-4A9C-B781-C892B00C3035", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "E3810E39-63C2-486A-9FFC-C7BBC6DCD455", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*", "matchCriteriaId": "07E6BD24-3843-479E-9DD0-56C69F8A0B71", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "41E823CA-D59A-404F-A064-25F557BEBD5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:a:*:*:*:*:*:*", "matchCriteriaId": "D4C84C4B-3133-4589-B17E-903F78086A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:b:*:*:*:*:*:*", "matchCriteriaId": "366DE55B-E2FC-4CA1-B35C-1F09942A31A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre1:*:*:*:*:*:*", "matchCriteriaId": "A1B51DC2-7C58-4073-B352-02A0B56D447E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre2:*:*:*:*:*:*", "matchCriteriaId": "209642A4-56B7-4345-B09D-57636A3D221F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD057E44-D7B8-414C-A21D-DEC8753F0C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:a:*:*:*:*:*:*", "matchCriteriaId": "79BC687A-A16D-4923-B592-549E12272045", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:b:*:*:*:*:*:*", "matchCriteriaId": "2C400CA8-7CE1-4E6D-ABAD-102E4BD12C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "D968FE34-54C4-4C06-8EB7-0537EDAAD6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:a:*:*:*:*:*:*", "matchCriteriaId": "1C6966F1-F1F5-45F6-B446-8408EB1DE9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "4CAD1DE8-7D55-4C0B-B691-E8D8AA6E2689", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "70576B73-12AF-463B-96AB-18725ACDECFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "39F6EBD8-4BFD-49FC-A087-8698DB462880", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3737B53D-E0BC-430F-9B00-5F13C15E3EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF48827A-8F95-4D07-BB35-AD43A048072B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "10DB2640-6C1B-4B95-998C-3737809C9E40", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A4B5B69-85CF-40C8-BC79-C340A6445F8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8992045B-1EC7-4254-966E-AECDAEFD950E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "14C4E0E1-FC73-4641-A7AC-47E25EAE251B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AF00DCF7-A5B8-4B62-9F4F-EB2273589215", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "947E46FD-1B9D-4F64-8C10-FF332796CFE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B72E9F25-975E-4609-A741-F472CEB53265", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2D76E5AE-B1D2-4362-915A-A6C15225F772", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "AD6BC5DF-3A1E-4B1F-87E9-857AE413841C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "3928B3DD-CA7E-4204-A49A-7B6E1F973B47", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "091BB6EB-7263-4DD2-8B57-B1FF73D61B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.13:a:*:*:*:*:*:*", "matchCriteriaId": "C462D2DB-B831-4395-A697-412AF5269E9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "C705AE7A-8F8B-49C1-BEA4-B1486AAE9E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "E0AB8F16-5A30-4D85-A3E0-E8EECD5EEA69", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:a:*:*:*:*:*:*", "matchCriteriaId": "893F2C07-21F3-4B1E-B295-6B4DD20B97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:b:*:*:*:*:*:*", "matchCriteriaId": "A6F4CFB6-9BD7-467E-ACDD-879D782DD2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:c:*:*:*:*:*:*", "matchCriteriaId": "E10A65F7-517F-4966-B83F-7323C8ADA70C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "B76D15CD-FECF-435F-A7E4-54FE53638C1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:a:*:*:*:*:*:*", "matchCriteriaId": "F621BF1C-B9F1-4055-B5D8-6FC70BB3A6D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "8669B8EC-482D-44CD-B30E-7D83423E1BC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B67A0244-D65F-4CCE-A084-31AD9A3D9B8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "DFD2D751-2B85-428E-8766-36F92B338C5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "579ECF9F-EBED-49BC-A804-86C71554D06C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:vmware:*:*:*:*:*", "matchCriteriaId": "B654E601-9B41-416B-9619-A60E6151EC68", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors." }, { "lang": "es", "value": "Una vulnerabilidad de salto de directorio en Pure-ftpd v1.0.22 y posiblemente en otras versiones, cuando se ejecutan en SUSE Linux Enterprise Server y posiblemente otros sistemas operativos y cuando la funci\u00f3n de servidor remoto Netware OES est\u00e1 activada, permite a usuarios locales sobreescribir ficheros arbitrarios a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2011-3171", "lastModified": "2024-11-21T01:29:53.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-11-04T21:55:02.550", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/49541" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 5.9 | |
redhat | enterprise_linux_eus | 6.3 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_aus | 5.9 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295", "versionEndExcluding": "18.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320", "versionEndExcluding": "2.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34", "versionEndExcluding": "17.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de la implementaci\u00f3n ~nsHTMLEditRules en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.12, Thunderbird ESR v10.x anterior a 10.0.12 y v17.x anterior a 17.0.1, y SeaMonkey anterior a v2.15 que permite a atacantes remotos permite a atacantes remotos ejecutar c\u00f3digo arbitrio o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-0766", "lastModified": "2024-11-21T01:48:10.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-13T20:55:02.337", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/57194" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803853" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/57194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-19 21:59
Modified
2024-11-21 02:21
Severity ?
Summary
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | linux_enterprise_debuginfo | 11.0 | |
suse | linux_enterprise_debuginfo | 11.0 | |
suse | linux_enterprise_debuginfo | 11.0 | |
opensuse | opensuse | 13.2 | |
suse | linux_enterprise_desktop | 11.0 | |
suse | linux_enterprise_desktop | 11.0 | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 11.0 | |
suse | linux_enterprise_server | 11.0 | |
suse | linux_enterprise_server | 11.0 | |
suse | linux_enterprise_server | 11.0 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_software_development_kit | 11.0 | |
suse | linux_enterprise_software_development_kit | 11.0 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | suse_linux_enterprise_server | 12 | |
fedoraproject | fedora | 23 | |
gnu | glibc | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "1FADFCB2-7D70-4778-9199-516E667177C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "174A8501-CFE4-430E-BB1F-DDF89F94A117", "vulnerable": true }, { "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "480C8C21-8DA3-4EF2-8BCF-7CED031A3B81", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "1F33821F-22ED-4B6A-B70B-D38EDA658EE7", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "10F15C47-008C-4FFC-980B-A14E176C1F1E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:lts:*:*:*", "matchCriteriaId": "380DDE38-767C-455A-8474-29BF32D66D48", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "01E21741-9D7D-42DD-B70D-5FD3053DE780", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "FD3677E0-7423-452A-8C1E-A20C5CC34CA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "D5BAC17C-EF31-4E94-9020-47B781AD94B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "ACC73EF8-7AD9-4113-9E3F-C93AF818CEB8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "51FA1B64-D002-41CC-908F-3798122ACD25", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1E32895-9C7B-4DE8-9BB5-0177406EB761", "versionEndIncluding": "2.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de buffer basado en pila en la GNU C Library (tambi\u00e9n conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbirario a trav\u00e9s de un argumento largo en la funci\u00f3n (1) nan, (2) nanf o (3) nanl." } ], "id": "CVE-2014-9761", "lastModified": "2024-11-21T02:21:36.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-19T21:59:00.113", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0680.html" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2019/Jun/18" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2019/Sep/7" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/11" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/83306" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2985-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2985-2" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1916" }, { "source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/Jun/14" }, { "source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/Sep/7" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201702-11" }, { "source": "secalert@redhat.com", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0680.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Jun/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Sep/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/83306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2985-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2985-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jun/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Sep/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201702-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-21 12:55
Modified
2024-11-21 01:45
Severity ?
Summary
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 6.3 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D350E7E-4990-4C93-80AD-AC5C27040549", "versionEndExcluding": "10.0.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "23C27B04-A1E0-4930-AF63-E2B1E57F75BE", "versionEndExcluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9DEF1D7-9412-4632-A689-AFD71FEFACC0", "versionEndExcluding": "2.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E5E742-2A0F-4483-A784-EACBEE1DF267", "versionEndExcluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "261324A9-B458-48B0-B8EC-5412FB8728E9", "versionEndExcluding": "10.0.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site." }, { "lang": "es", "value": "Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird antes de 17,0, Thunderbird ESR 10.x antes de 10.0.11, y SeaMonkey antes de 2.14 implementan envoltorios origen cruzado con un comportamiento de filtrado que no restringe correctamente las acciones de escritura, lo que permite a atacantes remotos realizar ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de un sitio web modificado." } ], "id": "CVE-2012-5841", "lastModified": "2024-11-21T01:45:21.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-11-21T12:55:03.697", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/87588" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51359" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51360" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51369" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51370" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51381" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51434" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51439" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51440" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56631" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805807" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80178" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/87588" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-16 11:45
Modified
2024-11-21 01:53
Severity ?
Summary
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adobe | flash_player | * | |
adobe | flash_player | * | |
apple | mac_os_x | * | |
microsoft | windows | * | |
adobe | flash_player | * | |
adobe | flash_player | * | |
linux | linux_kernel | * | |
adobe | flash_player | * | |
android | * | ||
android | * | ||
adobe | flash_player | * | |
android | * | ||
adobe | adobe_air | * | |
adobe | adobe_air_sdk | * | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 5.9 | |
redhat | enterprise_linux_eus | 6.4 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_eus | 5.9 | |
redhat | enterprise_linux_server_eus | 6.4 | |
redhat | enterprise_linux_workstation | 6.0 | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 12.3 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A", "versionEndExcluding": "10.3.183.86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "656D3B8A-252E-4688-B522-D83EEAB62C12", "versionEndExcluding": "11.7.700.202", "versionStartIncluding": "11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A", "versionEndExcluding": "10.3.183.86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1A023F2-EFCA-4C4E-82DB-0738C9A0E25D", "versionEndExcluding": "11.2.202.285", "versionStartIncluding": "11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "01E6E433-4508-4AE4-9E48-2226D2325EA8", "versionEndExcluding": "11.1.111.54", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F3C0381-865A-4176-A291-988E12612161", "versionEndIncluding": "2.3.7", "versionStartIncluding": "2.0", "vulnerable": false }, { "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBEB1CC1-D410-4157-8BF3-8EB8BAC444DD", "versionEndIncluding": "3.2.6", "versionStartIncluding": "3.0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "21B67D38-F250-4D0C-8994-2C63C8461D88", "versionEndExcluding": "11.1.115.58", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "28F15E5A-D7B0-4473-8C4A-777881C4B3BE", "versionEndIncluding": "4.2", "versionStartIncluding": "4.0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*", "matchCriteriaId": "534967F9-2F81-458E-952E-A40F5B7465D2", "versionEndExcluding": "3.7.0.1860", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "77100403-7C1C-4B88-BBC7-494722F2637B", "versionEndExcluding": "3.7.0.1860", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "237D0A52-5997-4557-9454-526BFDB64E12", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC8561-5E0A-4692-BB71-C88ED7A1229F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK \u0026 Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335." }, { "lang": "es", "value": "Adobe Flash Player antes de v10.3.183.86 y v11.x antes de v11.7.700.202 para Windows y Mac OS X, antes de v10.3.183.86 y v11.x antes de v11.2.202.285 para Linux, antes de v11.1.111.54 para Android v2.x y v3.x, y antes de v11.1.115.58 para Android v4.x; Adobe AIR before v3.7.0.1860; y Adobe AIR SDK \u0026 Compiler antes de v3.7.0.1860 permite a atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicios (consumo de memoria) a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, y CVE-2013-3335." } ], "id": "CVE-2013-3334", "lastModified": "2024-11-21T01:53:25.223", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-05-16T11:45:31.717", "references": [ { "source": "psirt@adobe.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" }, { "source": "psirt@adobe.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" }, { "source": "psirt@adobe.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/53442" }, { "source": "psirt@adobe.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/53442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16407" } ], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-15 03:57
Modified
2024-11-21 01:32
Severity ?
Summary
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jasper_project | jasper | 1.900.1 | |
oracle | outside_in_technology | 8.3.5 | |
oracle | outside_in_technology | 8.3.7 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 | |
canonical | ubuntu_linux | 11.04 | |
canonical | ubuntu_linux | 11.10 | |
debian | debian_linux | 6.0 | |
fedoraproject | fedora | 15 | |
fedoraproject | fedora | 16 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 11 | |
redhat | enterprise_linux_desktop | 4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*", "matchCriteriaId": "79C699BE-8585-4A07-88AE-E17CF17D92CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "64AA8532-9055-4A9B-BC52-B6D0EDAB8D10", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "506DA542-BD41-4102-A15E-481C81A0AB04", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*", "matchCriteriaId": "A44C3422-0D42-473E-ABB4-279D7494EE2F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*", "matchCriteriaId": "A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "E8C91701-DF37-4F7B-AB9A-B1BFDB4991F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4:*:*:*:*:*:*:*", "matchCriteriaId": "D986CAD0-F4E0-4F97-B240-8967CD4466FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file." }, { "lang": "es", "value": "La funci\u00f3n jpc_crg_getparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 utiliza un tipo de datos incorrecto durante un c\u00e1lculo determinado de tama\u00f1o, lo que permite a atacantes remotos provocar un desbordamiento de buffer de memoria din\u00e1mica y ejecutar c\u00f3digo arbitrario, o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica), a trav\u00e9s de un archivo JPEG2000 mal formado." } ], "id": "CVE-2011-4517", "lastModified": "2024-11-21T01:32:27.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-12-15T03:57:34.277", "references": [ { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html" }, { "source": "cret@cert.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/77596" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" }, { "source": "cret@cert.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47193" }, { "source": "cret@cert.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47306" }, { "source": "cret@cert.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47353" }, { "source": "cret@cert.org", "tags": [ "Broken Link" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2371" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/887409" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html" }, { "source": "cret@cert.org", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/50992" }, { "source": "cret@cert.org", "tags": [ "Release Notes" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.538606" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1315-1" }, { "source": "cret@cert.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/77596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/887409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/50992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.538606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1315-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71701" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-15 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | junos_space | * | |
oracle | solaris | 11.3 | |
mariadb | mariadb | * | |
mariadb | mariadb | * | |
oracle | mysql | * | |
oracle | mysql | * | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | linux_enterprise_workstation_extension | 12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "matchCriteriaId": "6133CA80-A291-487F-AE06-85D4AA154727", "versionEndIncluding": "15.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF35B328-2B85-4093-9288-2EF6043AA8DF", "versionEndExcluding": "5.5.40", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C55CD8E-8ADC-470C-9042-5C63221A2F09", "versionEndExcluding": "10.0.15", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAA995C3-9B96-4B6F-A3E9-587F8468F551", "versionEndIncluding": "5.5.39", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3E71621-9463-4E83-A99C-1D51E6352770", "versionEndIncluding": "5.6.20", "versionStartIncluding": "5.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en Oracle MySQL Server 5.5.39 y anteriores y 5.6.20 y anteriores, permite a atacantes remotos afectar la disponibilidad a trav\u00e9s de vectores relacionados con CLIENT:SSL:yaSSL, una vulnerabilidad diferente a CVE-2014-6494." } ], "id": "CVE-2014-6496", "lastModified": "2024-11-21T02:14:30.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-15T22:55:06.077", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/61579" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/62073" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" }, { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/61579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/62073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70469" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-09-08 20:00
Modified
2024-11-21 01:17
Severity ?
Summary
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
fedoraproject | fedora | 12 | |
debian | debian_linux | 5.0 | |
opensuse | opensuse | 11.3 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_high_availability_extension | 11 | |
suse | linux_enterprise_real_time | 11 | |
suse | linux_enterprise_server | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FE382AE-9C6D-4BEB-8E3F-97B28833C183", "versionEndExcluding": "2.6.27.53", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EE59977-7454-4176-A2D6-2302E120C851", "versionEndExcluding": "2.6.32.21", "versionStartIncluding": "2.6.32", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "63D85B69-8DB7-4D3E-9354-CCBC549E7370", "versionEndExcluding": "2.6.34.6", "versionStartIncluding": "2.6.34", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7A5EF87-D414-4E4D-A558-FDD6D1910A08", "versionEndExcluding": "2.6.35.4", "versionStartIncluding": "2.6.35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EB74DEB4-2BD1-4A65-AFDA-C331BC20C178", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "947E05EB-6995-47C1-BE9A-D22E3810533D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic." }, { "lang": "es", "value": "Desbordamiento de enterno en net/can/bcm en la implementaci\u00f3n Controller Area Network (CAN) del kernel de Linux anterior a v2.6.27.53, v2.6.32.x anterior a v2.6.32.21, v2.6.34.x anterior a v2.6.34.6, y v2.6.35.x anterior a v2.6.35.4, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema) a trav\u00e9s de tr\u00e1fico CAN manipulado." } ], "id": "CVE-2010-2959", "lastModified": "2024-11-21T01:17:44.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-09-08T20:00:03.760", "references": [ { "source": "security@ubuntu.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde" }, { "source": "security@ubuntu.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://jon.oberheide.org/files/i-can-haz-modharden.c" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41512" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2094" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/20/2" }, { "source": "security@ubuntu.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/42585" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2430" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "security@ubuntu.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://jon.oberheide.org/files/i-can-haz-modharden.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/20/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/42585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625699" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-16 11:45
Modified
2024-11-21 01:53
Severity ?
Summary
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adobe | flash_player | * | |
adobe | flash_player | * | |
apple | mac_os_x | * | |
microsoft | windows | * | |
adobe | flash_player | * | |
adobe | flash_player | * | |
linux | linux_kernel | * | |
adobe | flash_player | * | |
android | * | ||
android | * | ||
adobe | flash_player | * | |
android | * | ||
adobe | adobe_air | * | |
adobe | adobe_air_sdk | * | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 5.9 | |
redhat | enterprise_linux_eus | 6.4 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_eus | 5.9 | |
redhat | enterprise_linux_server_eus | 6.4 | |
redhat | enterprise_linux_workstation | 6.0 | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 12.3 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A", "versionEndExcluding": "10.3.183.86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "656D3B8A-252E-4688-B522-D83EEAB62C12", "versionEndExcluding": "11.7.700.202", "versionStartIncluding": "11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "323FE1A9-4C75-4C1A-9F56-F5B4495AEC0A", "versionEndExcluding": "10.3.183.86", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1A023F2-EFCA-4C4E-82DB-0738C9A0E25D", "versionEndExcluding": "11.2.202.285", "versionStartIncluding": "11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "01E6E433-4508-4AE4-9E48-2226D2325EA8", "versionEndExcluding": "11.1.111.54", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F3C0381-865A-4176-A291-988E12612161", "versionEndIncluding": "2.3.7", "versionStartIncluding": "2.0", "vulnerable": false }, { "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBEB1CC1-D410-4157-8BF3-8EB8BAC444DD", "versionEndIncluding": "3.2.6", "versionStartIncluding": "3.0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "21B67D38-F250-4D0C-8994-2C63C8461D88", "versionEndExcluding": "11.1.115.58", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "28F15E5A-D7B0-4473-8C4A-777881C4B3BE", "versionEndIncluding": "4.2", "versionStartIncluding": "4.0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*", "matchCriteriaId": "534967F9-2F81-458E-952E-A40F5B7465D2", "versionEndExcluding": "3.7.0.1860", "vulnerable": true }, { "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "77100403-7C1C-4B88-BBC7-494722F2637B", "versionEndExcluding": "3.7.0.1860", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "237D0A52-5997-4557-9454-526BFDB64E12", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC8561-5E0A-4692-BB71-C88ED7A1229F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK \u0026 Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335." }, { "lang": "es", "value": "Adobe Flash Player antes de v10.3.183.86 y v11.x antes de v11.7.700.202 para Windows y Mac OS X, antes de v10.3.183.86 y v11.x antes de v11.2.202.285 para Linux, antes de v11.1.111.54 para Android v2.x y v3.x, y antes de v11.1.115.58 para Android v4.x; Adobe AIR before v3.7.0.1860; y Adobe AIR SDK \u0026 Compiler antes de v3.7.0.1860 permite a atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicios (consumo de memoria) a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, y CVE-2013-3335" } ], "id": "CVE-2013-3331", "lastModified": "2024-11-21T01:53:24.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-05-16T11:45:31.643", "references": [ { "source": "psirt@adobe.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" }, { "source": "psirt@adobe.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" }, { "source": "psirt@adobe.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html" }, { "source": "psirt@adobe.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/53442" }, { "source": "psirt@adobe.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html" }, { "source": "psirt@adobe.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/53442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16846" } ], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295", "versionEndExcluding": "18.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320", "versionEndExcluding": "2.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34", "versionEndExcluding": "17.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en el motor de navegaci\u00f3n en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y SeaMonkey anterior a 2.15, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2013-0749", "lastModified": "2024-11-21T01:48:07.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-13T20:55:01.667", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" }, { "source": "security@mozilla.org", "tags": [ "Broken Link" ], "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" }, { "source": "security@mozilla.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" }, { "source": "security@mozilla.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-10 00:30
Modified
2024-11-21 01:12
Severity ?
Summary
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 9.04 | |
canonical | ubuntu_linux | 9.10 | |
canonical | ubuntu_linux | 10.04 | |
debian | debian_linux | 5.0 | |
debian | debian_linux | 6.0 | |
fedoraproject | fedora | 11 | |
fedoraproject | fedora | 12 | |
fedoraproject | fedora | 13 | |
opensuse | opensuse | 11.0 | |
opensuse | opensuse | 11.1 | |
opensuse | opensuse | 11.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
apache | openoffice | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*", "matchCriteriaId": "CC6C1408-671A-4436-A825-12170CFB5C9A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C58D20E-D9F0-4E58-A3C3-2E34C5629324", "versionEndExcluding": "3.2.1", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed." }, { "lang": "es", "value": "OpenOffice.org v2.x y v3.0 anterior v3.2.1 permite a atacantes remotos asistidos por usuarios supera las restricciones macro de seguridad de Python y ejecutar c\u00f3digo Python de su elecci\u00f3n a trav\u00e9s de un fichero de texto OpenDocument manipulado lo cual ocasiona la ejecuci\u00f3n de c\u00f3digo cuando la estructura directorio macro es previsualizada." } ], "id": "CVE-2010-0395", "lastModified": "2024-11-21T01:12:07.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-06-10T00:30:07.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40070" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40084" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40104" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40107" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41818" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/60799" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://ubuntu.com/usn/usn-949-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2055" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.openoffice.org/security/cves/CVE-2010-0395.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0459.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch" ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1353" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1366" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1369" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2905" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=574119" }, { "source": "cve@mitre.org", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/40107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/60799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://ubuntu.com/usn/usn-949-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.openoffice.org/security/cves/CVE-2010-0395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0459.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch" ], "url": "http://www.vupen.com/english/advisories/2010/1350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/1369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=574119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-11 21:55
Modified
2024-11-21 02:04
Severity ?
Summary
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
References