Vulnerabilites related to suse - linux_enterprise_server
Vulnerability from fkie_nvd
Published
2010-12-30 19:00
Modified
2024-11-21 01:19
Severity ?
Summary
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_real_time_extension | 11 | |
suse | linux_enterprise_server | 9 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_software_development_kit | 10 | |
debian | debian_linux | 5.0 | |
canonical | ubuntu_linux | 6.06 | |
canonical | ubuntu_linux | 8.04 | |
canonical | ubuntu_linux | 9.10 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "056295BE-D525-4749-887C-CDE2755A6FA6", "versionEndExcluding": "2.6.36.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field." }, { "lang": "es", "value": "La funci\u00f3n econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando se configura una direcci\u00f3n econet, permite a usuarios locales causar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y OOPS) a trav\u00e9s de una llamada sendmsg que especifica un valor NULL para el campo de direcci\u00f3n remota." } ], "id": "CVE-2010-3849", "lastModified": "2024-11-21T01:19:44.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-30T19:00:03.533", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html" }, { "source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2010/11/30/1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43056" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43291" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2126" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1023-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0213" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0375" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2010/11/30/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1023-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-05 10:15
Modified
2024-11-21 05:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | cups | * | |
suse | linux_enterprise_server | 11 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
suse | cups | * | |
suse | manager_server | 4.0 | |
suse | cups | * | |
suse | openstack_cloud_crowbar | 9.0 | |
suse | cups | * | |
opensuse | leap | 15.2 | |
suse | cups | * | |
opensuse | factory | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBA9434A-422D-4A29-BEEE-F22A4F0A009D", "versionEndExcluding": "1.3.9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "7B84C8D3-0B59-40DC-881D-D016A422E8CC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "90FDBEA0-97A9-49D1-B8EB-30E71C762103", "versionEndExcluding": "2.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "51136B38-5715-49B3-BD8D-91F90632247D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE74AE32-F7BA-41B3-92FD-B2F5C24C1089", "versionEndExcluding": "1.7.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B631400C-0A5A-45A3-9DFA-B419E83D324E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "90FDBEA0-97A9-49D1-B8EB-30E71C762103", "versionEndExcluding": "2.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "87BA20B7-2A6B-48A5-80D0-FC5CA3E9A54B", "versionEndIncluding": "2.3.3op2-2.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*", "matchCriteriaId": "E29492E1-43D8-43BF-94E3-26A762A66FAA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de cups de SUSE Linux Enterprise Server versi\u00f3n 11-SP4-LTSS, SUSE Manager Server versi\u00f3n 4.0, SUSE OpenStack Cloud Crowbar versi\u00f3n 9;\u0026#xa0;openSUSE Leap versi\u00f3n 15.2, Factory permite a atacantes locales con control de los usuarios lp crear archivos como root con permisos 0644 sin la capacidad de configurar el contenido.\u0026#xa0;Este problema afecta a: cups de SUSE Linux Enterprise Server 11-SP4-LTSS versiones anteriores a 1.3.9.\u0026#xa0;cups de Versiones de SUSE Manager Server 4.0 versiones anteriores a 2.2.7.\u0026#xa0;cups de SUSE OpenStack Cloud Crowbar 9 versiones anteriores a 1.7.5.\u0026#xa0;cups de openSUSE Leap 15.2 versiones anteriores a 2.2.7.\u0026#xa0;cups de openSUSE Factory versi\u00f3n 2.3.3op2-2.1 y versiones anteriores" } ], "id": "CVE-2021-25317", "lastModified": "2024-11-21T05:54:44.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "meissner@suse.de", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-05T10:15:08.133", "references": [ { "source": "meissner@suse.de", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1184161" }, { "source": "meissner@suse.de", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3/" }, { "source": "meissner@suse.de", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV/" }, { "source": "meissner@suse.de", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1184161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47/" } ], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "meissner@suse.de", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-19 10:55
Modified
2024-11-21 02:04
Severity ?
Summary
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 11 | |
oracle | solaris | 11.3 | |
opensuse | opensuse | 13.1 | |
opensuse_project | opensuse | 11.4 | |
opensuse_project | opensuse | 12.3 | |
mozilla | seamonkey | * | |
mozilla | firefox | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse_project:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE8EFFB8-9411-4826-9BFC-A06BA042FC30", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B91DE6A-D759-4B2C-982B-AF036B43798D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "097F1C3A-4546-43F3-8CC2-50F8AF05B791", "versionEndExcluding": "2.25", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "422EC5FE-DA03-4C14-ADED-D6212BE074D5", "versionEndExcluding": "28.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm." }, { "lang": "es", "value": "El m\u00e9todo crypto.generateCRMFRequest en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no valida debidamente cierto tipo de clave, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores que provocan la generaci\u00f3n de una clave que soporta el algoritmo Elliptic Curve ec-dual-use." } ], "id": "CVE-2014-1498", "lastModified": "2024-11-21T02:04:24.647", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-19T10:55:06.350", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-15 10:15
Modified
2024-11-21 07:28
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.
References
▼ | URL | Tags | |
---|---|---|---|
meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1205990 | Exploit, Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1205990 | Exploit, Issue Tracking |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | linux_enterprise_module_for_sap_applications | 15 | |
opensuse | leap | 15.4 | |
suse | linux_enterprise_server | 12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:linux_enterprise_module_for_sap_applications:15:sp1:*:*:*:*:*:*", "matchCriteriaId": "B1D4273D-67F7-4E62-8EF6-6C7F832269D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE80EB04-7F9D-4C0B-85DB-4A13DEACB5E4", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*", "matchCriteriaId": "471E110C-10CC-4C36-BDE1-BBB27EF5C6EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e." }, { "lang": "es", "value": "Una vulnerabilidad de permisos predeterminados incorrectos en la f\u00f3rmula saphanabootstrap del m\u00f3dulo SUSE Linux Enterprise para aplicaciones SAP 15-SP1, SUSE Linux Enterprise Server para SAP 12-SP5; openSUSE Leap 15.4 permite a atacantes locales escalar a root manipulando la configuraci\u00f3n sudo que se crea. Este problema afecta: SUSE Linux Enterprise Module para aplicaciones SAP 15-SP1 versiones de f\u00f3rmula saphanabootstrap anteriores a 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server para versiones de f\u00f3rmula saphanabootstrap de SAP 12-SP5 anteriores a 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 versiones de f\u00f3rmula saphanabootstrap anteriores a 0.13.1+git.1667812208.4db963e." } ], "id": "CVE-2022-45153", "lastModified": "2024-11-21T07:28:51.710", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "meissner@suse.de", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-15T10:15:16.970", "references": [ { "source": "meissner@suse.de", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990" } ], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "meissner@suse.de", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-23 11:03
Modified
2024-11-21 01:54
Severity ?
Summary
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03D3F84F-3F6E-4DF1-B162-152293D951EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAD59912-7325-4AE1-ACCF-D4F804AF3947", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "62783157-E3B6-4A23-8D2F-1FBD0762E9A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "14CC0D53-8AB8-4D44-82BB-0E6A974C36AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "91A3129F-17A6-4F32-BD5D-34E4A1D1A840", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CC7CD279-54B6-4F6B-AE14-299FB319C690", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "0EA269CA-4676-4008-89EF-20FAB89886A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "D22105B6-1378-4E1C-B28A-FCAE00A2D5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "601762D3-1188-4945-931D-EB8DAC2847A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA4A30A6-498C-46B8-8EFC-45EB13354EAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "414CC00A-C797-4C34-8709-75DC061DCDE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "4401B967-0550-44F1-8753-9632120D2A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "4961693D-F56C-46CD-B721-6A15E2837C17", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA4FBB66-CF6A-42D2-B122-1861F4139E75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "14AD4A87-382A-41F0-96D8-0F0A9B738773", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "33701DDF-6882-41D3-A11B-A1F4585A77A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "25C58BBA-06AC-40CD-A906-FD1B3B0AAB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "76C5B430-EE11-4674-B4B0-895D66E3B32F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1837D84-6B4F-40D8-9A3F-71C328F659BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D20A369B-2168-4883-A84C-BB48A71AFB33", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "3628AAB4-E524-46E5-AAF4-1980256F13CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "30DC9FE3-CDE9-4F83-989B-4E431BA18B56", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C17B1C6B-04CE-49FB-B9BD-98ECD626B26F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "81F529EB-2BCA-4E3E-93E4-2A9880CDA367", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7694638C-CDAC-44DF-B9F9-F7237CD98017", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "23903A3C-1760-4836-BAE6-BDD32CBB4CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "2477E033-D26B-4D71-839B-5FE4B0927559", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CAB7BF-265E-411D-A584-E78DE171F065", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E45F670-232F-4CE5-8926-6463E5619506", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B70E6E3-15B3-4D48-AE49-B9184A58EECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5BCE3FD-B89B-4141-8103-9DB941AD60D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "8EADFB3B-738F-4919-B165-9ECEED46EA6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "B23A5431-E599-4848-AB83-B299898F5EF0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8BF650-B8F5-467E-8DBF-81788B55F345", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1752A831-916F-4A7D-8AAE-1CEFACC51F91", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C9744C4-76BE-428B-AFF2-5BCE00A58322", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "48B1DE45-90F9-416B-9087-8AEF5B0A3C46", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EF6A045-0DF6-463B-A0DB-6C31D8C2984C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A731493C-9B46-4105-9902-B15BA0E0FB11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "49454369-A494-4EAA-88D5-181570DEBB4A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*", "matchCriteriaId": "04C71221-E477-4DF8-B10A-3AC64511E4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*", "matchCriteriaId": "FF7DE0E6-F329-417B-8035-B4EBF9C97483", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*", "matchCriteriaId": "220536FA-695D-4DE8-9813-494E3D061B78", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*", "matchCriteriaId": "ACB55CC5-0EC7-44B2-B5A9-A5B1EE584791", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*", "matchCriteriaId": "4F6B5E73-6751-475A-B9BF-3414D3476208", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*", "matchCriteriaId": "7CB654DC-1D3D-4475-8815-335AC573F54C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF26274E-5364-4FC1-9603-A78C365596DB", "versionEndIncluding": "r27.7.6", "versionStartIncluding": "r27.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "matchCriteriaId": "583E7A18-48C5-4AEE-A9C1-239D678E275A", "versionEndIncluding": "r28.2.8", "versionStartIncluding": "r28.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF65201D-8980-450A-A542-3B5473A6F374", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E51D5AEF-B3D4-4782-9988-BC1DB3F3F296", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E179FC2F-C700-4998-9D7A-3B945874CAC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2341D5E7-15CD-4C8F-ABE8-AA915BFA2804", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "474DC3BA-27F2-452A-85AD-BCC476EDD35B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "997CA07C-EBB7-4D7F-AF23-A161817BF4A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5BFE87FC-7B77-4840-8185-1707CB37323B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C77DD8B3-A227-4350-8699-FEC822119393", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1FA56704-18EB-4F3B-A36F-BCEF67B07C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "420CC5FF-0300-4FA7-AB53-78C1A0B83C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B7132A0E-C2A1-403E-9516-A6911563D7B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F32CA797-ED68-426E-9370-E16C90075E01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "40363692-5283-4D0C-BAE1-C049C02A0294", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1554D69E-D68E-46CA-B1F7-C24CAABF58E8", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "252CF7A7-3FEB-4503-AEE8-B67139C5B0D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "79D7DBBA-6849-45F7-AFEF-C765569C481A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "2C634990-2690-4E3B-B21F-6687A6A34644", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "73B7BC23-6CCA-41B2-8F61-EDB95F1AFB1D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", "matchCriteriaId": "CED02712-1031-4206-AC4D-E68710F46EC9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CFD62E4-794A-43C0-8C65-A44D970D1569", "versionEndExcluding": "2.12.0", "versionStartIncluding": "2.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names." }, { "lang": "es", "value": "XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se emple\u00f3 en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, as\u00ed como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegaci\u00f3n de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML." } ], "id": "CVE-2013-4002", "lastModified": "2024-11-21T01:54:41.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-07-23T11:03:19.790", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Broken Link", "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2" }, { "source": "psirt@us.ibm.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/56257" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5982" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/61310" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2033-1" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2089-1" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260" }, { "source": "psirt@us.ibm.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/XERCESJ-1679" }, { "source": "psirt@us.ibm.com", "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E" }, { "source": "psirt@us.ibm.com", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "psirt@us.ibm.com", "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "psirt@us.ibm.com", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/56257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT5982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/61310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2033-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2089-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2014:0414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/XERCESJ-1679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-28 06:18
Modified
2024-11-21 02:05
Severity ?
Summary
The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
suse | linux_enterprise_server | 10 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
canonical | ubuntu_linux | 13.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5D0B9E7-C5EF-4C15-BD87-FA13FD781E06", "versionEndExcluding": "3.13.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context." }, { "lang": "es", "value": "La funci\u00f3n security_context_to_sid_core en security/selinux/ss/services.c en el kernel de Linux anterior a 3.13.4 permite a usuarios locales causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) mediante el aprovechamiento de la funcionalidad CAP_MAC_ADMIN para configurar un contexto de seguridad de longitud cero." } ], "id": "CVE-2014-1874", "lastModified": "2024-11-21T02:05:11.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-28T06:18:54.587", "references": [ { "source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59262" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59309" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59406" }, { "source": "secalert@redhat.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/07/2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/65459" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2128-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2129-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2133-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2134-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2135-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2136-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2137-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2138-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2139-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2140-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2141-1" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062356" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/59406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/07/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/65459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2128-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2129-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2133-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2134-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2135-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2136-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2137-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2138-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2139-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2140-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2141-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-15 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.
References
▼ | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | Mailing List, Third Party Advisory | |
secalert_us@oracle.com | http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | Patch, Vendor Advisory | |
secalert_us@oracle.com | http://www.securityfocus.com/bid/70511 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70511 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | mysql | * | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | linux_enterprise_workstation_extension | 12 | |
mariadb | mariadb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1A7C5B0-7426-48BB-B5BD-F423663A0786", "versionEndIncluding": "5.6.19", "versionStartIncluding": "5.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "504AA794-4421-422D-A1C7-BB5AE334FD55", "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en Oracle MySQL Server 5.6.19 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a trav\u00e9s de vectores relacionados con SERVER:INNODB FULLTEXT SEARCH DML." } ], "id": "CVE-2014-6564", "lastModified": "2024-11-21T02:14:39.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-15T22:55:08.627", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70511" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-07 14:55
Modified
2025-02-07 14:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
redhat | enterprise_linux_server_aus | 6.2 | |
opensuse | opensuse | 11.4 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_high_availability_extension | 11 | |
suse | linux_enterprise_real_time_extension | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
oracle | linux | 5 | |
oracle | linux | 6 |
{ "cisaActionDue": "2022-06-15", "cisaExploitAdd": "2022-05-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C788C70-FEF6-43C2-BF1B-9F6BAC084B49", "versionEndExcluding": "3.2.60", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB7FAE85-A7F7-403F-B3F8-51D26A7AD5CF", "versionEndExcluding": "3.4.92", "versionStartIncluding": "3.3", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F7D3761-1031-4407-9D83-51387E0EFAE3", "versionEndExcluding": "3.10.42", "versionStartIncluding": "3.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "865055FF-2CF7-477F-A939-DE7EB4F0F88D", "versionEndExcluding": "3.12.22", "versionStartIncluding": "3.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "281F5CC1-AF2E-4076-A09D-3E808A9F6896", "versionEndExcluding": "3.14.6", "versionStartIncluding": "3.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification." }, { "lang": "es", "value": "La funci\u00f3n futex_requeue en kernel/futex.c en el kernel de Linux hasta 3.14.5 no asegura que las llamadas tengan dos direcciones futex diferentes, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de un comando FUTEX_REQUEUE manipulado que facilita la modificaci\u00f3n insegura del objeto o funci\u00f3n a la espera." } ], "id": "CVE-2014-3153", "lastModified": "2025-02-07T14:57:04.983", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2014-06-07T14:55:27.240", "references": [ { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2014/06/05/24" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2014/06/06/20" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/58500" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/58990" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59029" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59092" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59153" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59262" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59309" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59386" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59599" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Exploit" ], "url": "http://www.debian.org/security/2014/dsa-2949" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/35370" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/67906" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1030451" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2237-1" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2240-1" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Exploit" ], "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/elongl/CVE-2014-3153" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Patch" ], "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Mailing List" ], "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2014/06/05/24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2014/06/06/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/58500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/58990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/59599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.debian.org/security/2014/dsa-2949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/35370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/67906" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1030451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2237-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2240-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/elongl/CVE-2014-3153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-03 16:40
Modified
2024-11-21 01:31
Severity ?
Summary
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E239663C-BBE3-4762-9FEB-9034F1666235", "versionEndIncluding": "3.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume." }, { "lang": "es", "value": "El kernel de Linux anterior a v3.2.2 no restringe adecuadamente llamadas SG_IO ioctl, permitiendo a usuarios locales eludir restricciones de lectura y escritura en disco mediante el env\u00edo de un comando SCSI a (1) un dispositivo de bloques de particiones o (2) un volumen LVM." } ], "id": "CVE-2011-4127", "lastModified": "2024-11-21T01:31:53.993", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-03T16:40:31.350", "references": [ { "source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e" }, { "source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48898" }, { "source": "secalert@redhat.com", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/12/22/5" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752375" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35e" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/12/22/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-15 10:15
Modified
2024-11-21 07:28
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
References
▼ | URL | Tags | |
---|---|---|---|
meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1207598 | Exploit, Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1207598 | Exploit, Issue Tracking |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
opensuse | supportutils | * | |
suse | linux_enterprise_server | 12 | |
opensuse | supportutils | * | |
suse | linux_enterprise_server | 15 | |
opensuse | supportutils | * | |
suse | linux_enterprise_server | 15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CA61E84-D366-4E82-A0F2-B26445610EB6", "versionEndIncluding": "3.0.10-95.51.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CA4BD70-03B8-4CBD-8532-C75BC77F3722", "versionEndIncluding": "3.1.21-150000.5.44.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:*:*:*:*", "matchCriteriaId": "0BB4DDAB-D900-4EC0-99E8-1D6AB48F6D20", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "02F152EA-2162-4750-9A40-01BAD9FAF936", "versionEndIncluding": "3.1.21-150300.7.35.15.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*", "matchCriteriaId": "6C2EACE6-C127-4B13-8002-8EEBEE8D549B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de almacenamiento de texto plano de informaci\u00f3n confidencial en las utilidades de soporte de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 permite a los atacantes que obtienen acceso a los registros de soporte obtener conocimiento de las credenciales almacenadas. Este problema afecta a: SUSE Linux Enterprise Server 12 supportutils versi\u00f3n 3.0.10-95.51.1CWE-312: almacenamiento de texto plano de informaci\u00f3n confidencial y versiones anteriores. SUSE Linux Enterprise Server 15 supportutils versi\u00f3n 3.1.21-150000.5.44.1 y versiones anteriores. SUSE Linux Enterprise Server 15 SP3 supportutils versi\u00f3n 3.1.21-150300.7.35.15.1 y versiones anteriores." } ], "id": "CVE-2022-45154", "lastModified": "2024-11-21T07:28:51.833", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "meissner@suse.de", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-15T10:15:17.377", "references": [ { "source": "meissner@suse.de", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598" } ], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "meissner@suse.de", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 5.9 | |
redhat | enterprise_linux_eus | 6.3 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_aus | 5.9 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295", "versionEndExcluding": "18.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320", "versionEndExcluding": "2.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34", "versionEndExcluding": "17.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements." }, { "lang": "es", "value": "Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y 17.x anterior a v17.0.2, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar c\u00f3digo JavaScript de su elecci\u00f3n con privilegios chrome utilizando una interacci\u00f3n inapropiada entre los objetos de plugin y elementos SVG." } ], "id": "CVE-2013-0758", "lastModified": "2024-11-21T01:48:08.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-13T20:55:02.040", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-15.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=813906" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-15.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=813906" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-11 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 13.1 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 11 | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
canonical | ubuntu_linux | 13.04 | |
canonical | ubuntu_linux | 13.10 | |
fedoraproject | fedora | 19 | |
fedoraproject | fedora | 20 | |
oracle | solaris | 11.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "50A3A702-C2B1-4311-9EBC-D62079E3DCD5", "versionEndExcluding": "26.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D337932C-EF9D-4511-87DB-54262C6635D9", "versionEndExcluding": "2.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de enteros en la implementaci\u00f3n binary-search de SpiderMonkey de Mozilla Firefox anterior a la versi\u00f3n 26.0 y SeaMonkey anterior a 2.23 podr\u00eda permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a array fuera de l\u00edmites) o posiblemente tener otro impacto no especificado a trav\u00e9s de c\u00f3digo JavaScript." } ], "id": "CVE-2013-5619", "lastModified": "2024-11-21T01:57:50.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-11T15:55:13.073", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029470" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029476" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2052-1" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1029476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2052-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201504-01" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-21 12:55
Modified
2024-11-21 01:42
Severity ?
Summary
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 6.3 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "23C27B04-A1E0-4930-AF63-E2B1E57F75BE", "versionEndExcluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "46BBBC83-F777-4899-9F6A-094CDD9CFF0F", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9DEF1D7-9412-4632-A689-AFD71FEFACC0", "versionEndExcluding": "2.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E5E742-2A0F-4483-A784-EACBEE1DF267", "versionEndExcluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "828E00D1-8F2A-43AF-93DB-B1985CE68A8A", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "F084E6C1-8DB0-4D1F-B8EB-5D2CD9AD6E87", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin." }, { "lang": "es", "value": "Mozilla Firefox anterior a v17.0, Firefox ESR v10.x anterior a v10.0.11, Thunderbird anterior a v17.0, Thunderbird ESR v10.x anterior a v10.0.11, y SeaMonkey anterior a v2.14 no previene el uso del valor del nombre de atributo de marco \"top\" para acceder a la localizaci\u00f3n correctamente, lo que hace mas f\u00e1cil para atacantes remotos llevar a cabo ataques XSS mediante vectores que comprenden un plugin binario." } ], "id": "CVE-2012-4209", "lastModified": "2024-11-21T01:42:25.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-11-21T12:55:02.180", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51359" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51360" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51369" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51370" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51381" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51434" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51439" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51440" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56629" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-11-30 22:14
Modified
2024-11-21 01:20
Severity ?
Summary
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
linux | linux_kernel | 2.6.36 | |
opensuse | opensuse | 11.2 | |
opensuse | opensuse | 11.3 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_real_time_extension | 11 | |
suse | linux_enterprise_server | 9 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_software_development_kit | 10 | |
debian | debian_linux | 5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8DCE5E2-B055-4F05-8F0F-F19D1B7BA8D7", "versionEndExcluding": "2.6.36", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*", "matchCriteriaId": "D4407EF9-4ECF-408F-9ECB-0705E3FB65D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*", "matchCriteriaId": "DBE26099-6D2C-4FAF-B15C-CBF985D59171", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*", "matchCriteriaId": "F2C193FF-3723-4BE9-8787-DED7D455FA8F", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*", "matchCriteriaId": "F874FE6A-968D-47E1-900A-E154E41EDAF8", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*", "matchCriteriaId": "14B7B8AE-CE83-4F0E-9138-6F165D97C19F", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc5:*:*:*:*:*:*", "matchCriteriaId": "B434ACFB-2B01-491A-B2E5-40FA0E11B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call." }, { "lang": "es", "value": "La funci\u00f3n snd_hdspm_hwdep_ioctl en sound/pci/rme9652/hdspm.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la pila de la memoria del kernel a trav\u00e9s de una llamada ioctl SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO.\r\n" } ], "id": "CVE-2010-4081", "lastModified": "2024-11-21T01:20:12.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-11-30T22:14:00.630", "references": [ { "source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://lkml.org/lkml/2010/9/25/41" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42778" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42801" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42884" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42890" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43291" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46397" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2126" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/45063" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0012" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0375" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://lkml.org/lkml/2010/9/25/41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/42890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/43291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/45063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648670" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-909" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-11-04 21:55
Modified
2024-11-21 01:29
Severity ?
Summary
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5EC9019-1B5F-433E-8BD4-E9AAAAB902A0", "versionEndIncluding": "1.0.22", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "1BAA8918-A2CB-47A3-BEA5-012202416E2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "E7AC08B4-58AC-415A-9B66-40A1E3CCD0F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "109D76F0-FB16-4DB5-8CD9-5FC4B7A888F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "D21A2797-A1E1-41D1-A4F9-88A6BDB39386", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "A6F60D6F-5EED-4F98-B837-8DA704AE655E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "B6FB0AE1-D1C1-49BA-92EB-22610F805C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre1:*:*:*:*:*:*", "matchCriteriaId": "BD46FE70-94F7-49A8-8C89-7D49D660A3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre2:*:*:*:*:*:*", "matchCriteriaId": "63769E2B-D1EA-4A63-87C9-74791641C2A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre3:*:*:*:*:*:*", "matchCriteriaId": "C656D161-2438-4ACA-AB14-2A9D86509870", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre4:*:*:*:*:*:*", "matchCriteriaId": "05B9AB24-3961-4BEF-A60E-99FE716DF9A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*", "matchCriteriaId": "75803E7D-E4C4-429A-831D-E9BD35D3822F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*", "matchCriteriaId": "0AF6AB58-64E1-4B6E-BE3A-F1EF3A4D6D25", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "AEE4E7D4-64C3-401D-88BD-25480BB0353E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:pre1:*:*:*:*:*:*", "matchCriteriaId": "68510DBF-72AE-468B-8105-69B6A57A04F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DE75C61-AEB4-49FF-92F0-59BE2DC235A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre1:*:*:*:*:*:*", "matchCriteriaId": "55A5149F-EFD9-47A6-9E0A-5CC527F692C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre2:*:*:*:*:*:*", "matchCriteriaId": "1457138A-4081-455B-B5BA-28D7CC14EC6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre3:*:*:*:*:*:*", "matchCriteriaId": "840635FC-4FDB-4198-A79B-792B643A9388", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre4:*:*:*:*:*:*", "matchCriteriaId": "82E5881B-7BCE-47A9-883E-0F5B9D223F81", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre5:*:*:*:*:*:*", "matchCriteriaId": "ED101A1B-A785-4F81-9C94-DB4F12BAA088", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*", "matchCriteriaId": "1664490B-CA34-44A3-8EEC-71A07799E870", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "C151E6E5-AC14-4C12-B1E4-4FDED6F5CF33", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E10AE-9B98-4801-91CD-F6EEC75B9C0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFF21C85-76FC-463C-8661-60BE2D3CAC10", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "21110017-470F-4C38-B09F-8DF94E48EFE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*", "matchCriteriaId": "2BA24CD0-22DA-4689-981D-88FAA7FCC1C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*", "matchCriteriaId": "1931478E-A672-4CF6-9BDC-B3C73B7DA5A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*", "matchCriteriaId": "71C4863E-76DA-4E38-B2C7-B30037633030", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre1:*:*:*:*:*:*", "matchCriteriaId": "1E60DE27-EE96-44D1-9469-ACB4EB03CCBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre2:*:*:*:*:*:*", "matchCriteriaId": "2059AE45-9F9C-4D26-B53A-E61576EBF163", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre3:*:*:*:*:*:*", "matchCriteriaId": "7BD78C76-3679-47DD-B9A9-CDA0B34EEDEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:final:*:*:*:*:*:*", "matchCriteriaId": "6AC69E38-9872-460F-841B-BBE1110FC1B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre1:*:*:*:*:*:*", "matchCriteriaId": "7F812030-6DC3-4A8C-824F-3185AC4F0619", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre2:*:*:*:*:*:*", "matchCriteriaId": "1917ECFC-BCD2-464C-B4C7-6D87A3B50DC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "57A8D91C-EEEB-4F76-8010-2CB174A9B091", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1831F7D-7366-4775-9B70-832F3BAB23E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:a:*:*:*:*:*:*", "matchCriteriaId": "FE763375-34A0-4D2D-BEC2-D9F9232A1D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "962C592B-1B02-49EE-9C82-2EA1B0F0F4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA327868-1A00-4BFE-AB29-3DBE57545EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "09575AA6-7F8C-4A9C-B781-C892B00C3035", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "E3810E39-63C2-486A-9FFC-C7BBC6DCD455", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*", "matchCriteriaId": "07E6BD24-3843-479E-9DD0-56C69F8A0B71", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "41E823CA-D59A-404F-A064-25F557BEBD5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:a:*:*:*:*:*:*", "matchCriteriaId": "D4C84C4B-3133-4589-B17E-903F78086A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:b:*:*:*:*:*:*", "matchCriteriaId": "366DE55B-E2FC-4CA1-B35C-1F09942A31A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre1:*:*:*:*:*:*", "matchCriteriaId": "A1B51DC2-7C58-4073-B352-02A0B56D447E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre2:*:*:*:*:*:*", "matchCriteriaId": "209642A4-56B7-4345-B09D-57636A3D221F", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD057E44-D7B8-414C-A21D-DEC8753F0C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:a:*:*:*:*:*:*", "matchCriteriaId": "79BC687A-A16D-4923-B592-549E12272045", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:b:*:*:*:*:*:*", "matchCriteriaId": "2C400CA8-7CE1-4E6D-ABAD-102E4BD12C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "D968FE34-54C4-4C06-8EB7-0537EDAAD6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:a:*:*:*:*:*:*", "matchCriteriaId": "1C6966F1-F1F5-45F6-B446-8408EB1DE9FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "4CAD1DE8-7D55-4C0B-B691-E8D8AA6E2689", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "70576B73-12AF-463B-96AB-18725ACDECFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "39F6EBD8-4BFD-49FC-A087-8698DB462880", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3737B53D-E0BC-430F-9B00-5F13C15E3EF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF48827A-8F95-4D07-BB35-AD43A048072B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "10DB2640-6C1B-4B95-998C-3737809C9E40", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A4B5B69-85CF-40C8-BC79-C340A6445F8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8992045B-1EC7-4254-966E-AECDAEFD950E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "14C4E0E1-FC73-4641-A7AC-47E25EAE251B", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AF00DCF7-A5B8-4B62-9F4F-EB2273589215", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "947E46FD-1B9D-4F64-8C10-FF332796CFE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B72E9F25-975E-4609-A741-F472CEB53265", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2D76E5AE-B1D2-4362-915A-A6C15225F772", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "AD6BC5DF-3A1E-4B1F-87E9-857AE413841C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "3928B3DD-CA7E-4204-A49A-7B6E1F973B47", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "091BB6EB-7263-4DD2-8B57-B1FF73D61B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.13:a:*:*:*:*:*:*", "matchCriteriaId": "C462D2DB-B831-4395-A697-412AF5269E9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "C705AE7A-8F8B-49C1-BEA4-B1486AAE9E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "E0AB8F16-5A30-4D85-A3E0-E8EECD5EEA69", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:a:*:*:*:*:*:*", "matchCriteriaId": "893F2C07-21F3-4B1E-B295-6B4DD20B97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:b:*:*:*:*:*:*", "matchCriteriaId": "A6F4CFB6-9BD7-467E-ACDD-879D782DD2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:c:*:*:*:*:*:*", "matchCriteriaId": "E10A65F7-517F-4966-B83F-7323C8ADA70C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "B76D15CD-FECF-435F-A7E4-54FE53638C1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:a:*:*:*:*:*:*", "matchCriteriaId": "F621BF1C-B9F1-4055-B5D8-6FC70BB3A6D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "8669B8EC-482D-44CD-B30E-7D83423E1BC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B67A0244-D65F-4CCE-A084-31AD9A3D9B8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "DFD2D751-2B85-428E-8766-36F92B338C5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "579ECF9F-EBED-49BC-A804-86C71554D06C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:vmware:*:*:*:*:*", "matchCriteriaId": "B654E601-9B41-416B-9619-A60E6151EC68", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors." }, { "lang": "es", "value": "Una vulnerabilidad de salto de directorio en Pure-ftpd v1.0.22 y posiblemente en otras versiones, cuando se ejecutan en SUSE Linux Enterprise Server y posiblemente otros sistemas operativos y cuando la funci\u00f3n de servidor remoto Netware OES est\u00e1 activada, permite a usuarios locales sobreescribir ficheros arbitrarios a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2011-3171", "lastModified": "2024-11-21T01:29:53.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-11-04T21:55:02.550", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/49541" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 5.9 | |
redhat | enterprise_linux_eus | 6.3 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_aus | 5.9 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295", "versionEndExcluding": "18.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320", "versionEndExcluding": "2.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34", "versionEndExcluding": "17.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de la implementaci\u00f3n ~nsHTMLEditRules en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.12, Thunderbird ESR v10.x anterior a 10.0.12 y v17.x anterior a 17.0.1, y SeaMonkey anterior a v2.15 que permite a atacantes remotos permite a atacantes remotos ejecutar c\u00f3digo arbitrio o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-0766", "lastModified": "2024-11-21T01:48:10.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-13T20:55:02.337", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/57194" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803853" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/57194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-10-23 02:29
Modified
2024-11-21 03:56
Severity ?
Summary
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kyzer | libmspack | 0.3 | |
kyzer | libmspack | 0.4 | |
kyzer | libmspack | 0.5 | |
kyzer | libmspack | 0.6 | |
kyzer | libmspack | 0.7 | |
debian | debian_linux | 8.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_workstation | 7.0 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_server | 12 | |
starwindsoftware | starwind_virtual_san | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kyzer:libmspack:0.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "A8922C30-64ED-4C15-999E-58AB0812814C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kyzer:libmspack:0.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "979ED5F0-4DE8-4091-BFD5-CD98AFF2BB43", "vulnerable": true }, { "criteria": "cpe:2.3:a:kyzer:libmspack:0.5:alpha:*:*:*:*:*:*", "matchCriteriaId": "F9DBC30C-9FC0-4471-B63B-0E948E2569C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:kyzer:libmspack:0.6:alpha:*:*:*:*:*:*", "matchCriteriaId": "880442E9-7E36-4A6E-AA77-2310750AE21E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kyzer:libmspack:0.7:alpha:*:*:*:*:*:*", "matchCriteriaId": "BE5A7D47-85EC-4045-9FB4-369CCD4044B2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*", "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:ga:*:*:ltss:*:*:*", "matchCriteriaId": "3DC6D86E-8C71-4836-9F7C-7416E9250C42", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*", "matchCriteriaId": "0651347C-AE16-4155-98EF-A0A2C63A37A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "32C12523-2500-44D0-97EE-E740BD3E61B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "B649CB6C-394E-4F87-BB60-CB2C7825AA6D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has \u0027\\0\u0027 as its first or second character (such as the \"/\\0\" name)." }, { "lang": "es", "value": "chmd_read_headers en mspack/chmd.c en libmspack en versiones anteriores a la 0.8alpha acepta un nombre de archivo que tiene \"\\0\" como su primer o segundo car\u00e1cter (como el nombre \"/\\0\")." } ], "id": "CVE-2018-18585", "lastModified": "2024-11-21T03:56:12.477", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-10-23T02:29:00.513", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2049" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/911637" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-20" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3814-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3814-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3814-3/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2018/10/22/1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.starwindsoftware.com/security/sw-20181213-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/911637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3814-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3814-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3814-3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2018/10/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.starwindsoftware.com/security/sw-20181213-0002/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-02 16:15
Modified
2024-11-21 04:33
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.
References
▼ | URL | Tags | |
---|---|---|---|
meissner@suse.de | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html | Broken Link, Mailing List, Vendor Advisory | |
meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1160895 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html | Broken Link, Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1160895 | Issue Tracking, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
opensuse | leap | 15.1 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_server | 15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:*:*:*:*", "matchCriteriaId": "F922115C-1907-4F65-9F23-3E63A8BCD4A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*", "matchCriteriaId": "70A029CD-2AC4-4877-B1A4-5C72B351BA27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Symbolic Link (Symlink) Following en mysql-systemd-helper del paquete mariadb de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, permite a atacantes locales cambiar los permisos de archivos arbitrarios a 0640. Este problema afecta a: mariadb de SUSE Linux Enterprise Server 12 versiones anteriores a 10.2.31-3.25.1. mariadb de SUSE Linux Enterprise Server 15 versiones anteriores a 10.2.31-3.26.1." } ], "id": "CVE-2019-18901", "lastModified": "2024-11-21T04:33:48.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 2.5, "source": "meissner@suse.de", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-02T16:15:11.940", "references": [ { "source": "meissner@suse.de", "tags": [ "Broken Link", "Mailing List", "Vendor Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html" }, { "source": "meissner@suse.de", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Mailing List", "Vendor Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160895" } ], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "meissner@suse.de", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-19 21:59
Modified
2024-11-21 02:21
Severity ?
Summary
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | linux_enterprise_debuginfo | 11.0 | |
suse | linux_enterprise_debuginfo | 11.0 | |
suse | linux_enterprise_debuginfo | 11.0 | |
opensuse | opensuse | 13.2 | |
suse | linux_enterprise_desktop | 11.0 | |
suse | linux_enterprise_desktop | 11.0 | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 11.0 | |
suse | linux_enterprise_server | 11.0 | |
suse | linux_enterprise_server | 11.0 | |
suse | linux_enterprise_server | 11.0 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_software_development_kit | 11.0 | |
suse | linux_enterprise_software_development_kit | 11.0 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | suse_linux_enterprise_server | 12 | |
fedoraproject | fedora | 23 | |
gnu | glibc | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "1FADFCB2-7D70-4778-9199-516E667177C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "174A8501-CFE4-430E-BB1F-DDF89F94A117", "vulnerable": true }, { "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "480C8C21-8DA3-4EF2-8BCF-7CED031A3B81", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "1F33821F-22ED-4B6A-B70B-D38EDA658EE7", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "10F15C47-008C-4FFC-980B-A14E176C1F1E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:lts:*:*:*", "matchCriteriaId": "380DDE38-767C-455A-8474-29BF32D66D48", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "01E21741-9D7D-42DD-B70D-5FD3053DE780", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "FD3677E0-7423-452A-8C1E-A20C5CC34CA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "D5BAC17C-EF31-4E94-9020-47B781AD94B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "ACC73EF8-7AD9-4113-9E3F-C93AF818CEB8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "51FA1B64-D002-41CC-908F-3798122ACD25", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1E32895-9C7B-4DE8-9BB5-0177406EB761", "versionEndIncluding": "2.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de buffer basado en pila en la GNU C Library (tambi\u00e9n conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbirario a trav\u00e9s de un argumento largo en la funci\u00f3n (1) nan, (2) nanf o (3) nanl." } ], "id": "CVE-2014-9761", "lastModified": "2024-11-21T02:21:36.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-19T21:59:00.113", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0680.html" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2019/Jun/18" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2019/Sep/7" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/11" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/83306" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2985-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2985-2" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1916" }, { "source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/Jun/14" }, { "source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/Sep/7" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201702-11" }, { "source": "secalert@redhat.com", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0680.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Jun/18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Sep/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/83306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2985-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2985-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jun/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Sep/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201702-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-21 12:55
Modified
2024-11-21 01:45
Severity ?
Summary
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 6.3 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D350E7E-4990-4C93-80AD-AC5C27040549", "versionEndExcluding": "10.0.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "23C27B04-A1E0-4930-AF63-E2B1E57F75BE", "versionEndExcluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9DEF1D7-9412-4632-A689-AFD71FEFACC0", "versionEndExcluding": "2.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E5E742-2A0F-4483-A784-EACBEE1DF267", "versionEndExcluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "261324A9-B458-48B0-B8EC-5412FB8728E9", "versionEndExcluding": "10.0.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site." }, { "lang": "es", "value": "Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird antes de 17,0, Thunderbird ESR 10.x antes de 10.0.11, y SeaMonkey antes de 2.14 implementan envoltorios origen cruzado con un comportamiento de filtrado que no restringe correctamente las acciones de escritura, lo que permite a atacantes remotos realizar ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de un sitio web modificado." } ], "id": "CVE-2012-5841", "lastModified": "2024-11-21T01:45:21.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-11-21T12:55:03.697", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/87588" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51359" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51360" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51369" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51370" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51381" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51434" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51439" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51440" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56631" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805807" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80178" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/87588" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/51440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-15 03:57
Modified
2024-11-21 01:32
Severity ?
Summary
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jasper_project | jasper | 1.900.1 | |
oracle | outside_in_technology | 8.3.5 | |
oracle | outside_in_technology | 8.3.7 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 10.10 | |
canonical | ubuntu_linux | 11.04 | |
canonical | ubuntu_linux | 11.10 | |
debian | debian_linux | 6.0 | |
fedoraproject | fedora | 15 | |
fedoraproject | fedora | 16 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 11 | |
redhat | enterprise_linux_desktop | 4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*", "matchCriteriaId": "79C699BE-8585-4A07-88AE-E17CF17D92CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "64AA8532-9055-4A9B-BC52-B6D0EDAB8D10", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "506DA542-BD41-4102-A15E-481C81A0AB04", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*", "matchCriteriaId": "A44C3422-0D42-473E-ABB4-279D7494EE2F", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*", "matchCriteriaId": "A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "E8C91701-DF37-4F7B-AB9A-B1BFDB4991F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4:*:*:*:*:*:*:*", "matchCriteriaId": "D986CAD0-F4E0-4F97-B240-8967CD4466FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file." }, { "lang": "es", "value": "La funci\u00f3n jpc_crg_getparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 utiliza un tipo de datos incorrecto durante un c\u00e1lculo determinado de tama\u00f1o, lo que permite a atacantes remotos provocar un desbordamiento de buffer de memoria din\u00e1mica y ejecutar c\u00f3digo arbitrario, o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica), a trav\u00e9s de un archivo JPEG2000 mal formado." } ], "id": "CVE-2011-4517", "lastModified": "2024-11-21T01:32:27.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-12-15T03:57:34.277", "references": [ { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html" }, { "source": "cret@cert.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/77596" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" }, { "source": "cret@cert.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47193" }, { "source": "cret@cert.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47306" }, { "source": "cret@cert.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47353" }, { "source": "cret@cert.org", "tags": [ "Broken Link" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2371" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/887409" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html" }, { "source": "cret@cert.org", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/50992" }, { "source": "cret@cert.org", "tags": [ "Release Notes" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.538606" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1315-1" }, { "source": "cret@cert.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/77596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/47353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/887409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/50992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.538606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1315-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71701" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-15 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | junos_space | * | |
oracle | solaris | 11.3 | |
mariadb | mariadb | * | |
mariadb | mariadb | * | |
oracle | mysql | * | |
oracle | mysql | * | |
suse | linux_enterprise_desktop | 12 | |
suse | linux_enterprise_server | 12 | |
suse | linux_enterprise_software_development_kit | 12 | |
suse | linux_enterprise_workstation_extension | 12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "matchCriteriaId": "6133CA80-A291-487F-AE06-85D4AA154727", "versionEndIncluding": "15.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF35B328-2B85-4093-9288-2EF6043AA8DF", "versionEndExcluding": "5.5.40", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C55CD8E-8ADC-470C-9042-5C63221A2F09", "versionEndExcluding": "10.0.15", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAA995C3-9B96-4B6F-A3E9-587F8468F551", "versionEndIncluding": "5.5.39", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3E71621-9463-4E83-A99C-1D51E6352770", "versionEndIncluding": "5.6.20", "versionStartIncluding": "5.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en Oracle MySQL Server 5.5.39 y anteriores y 5.6.20 y anteriores, permite a atacantes remotos afectar la disponibilidad a trav\u00e9s de vectores relacionados con CLIENT:SSL:yaSSL, una vulnerabilidad diferente a CVE-2014-6494." } ], "id": "CVE-2014-6496", "lastModified": "2024-11-21T02:14:30.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-15T22:55:06.077", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/61579" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/62073" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" }, { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/61579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/62073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70469" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-04-16 16:59
Modified
2024-11-21 02:23
Severity ?
Summary
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update76:*:*:*:*:*:*", "matchCriteriaId": "A2C5FA21-4D3B-4739-92A1-B87A1A63F29B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*", "matchCriteriaId": "8348D050-22EF-49AC-960A-ADBA1441FFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update76:*:*:*:*:*:*", "matchCriteriaId": "50E5F104-C20F-4E6B-AD70-8FEC1B9A9B46", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update40:*:*:*:*:*:*", "matchCriteriaId": "BB2AF8BC-7643-4CBF-83C0-CA4656AC4FB4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:javafx:2.2.76:*:*:*:*:*:*:*", "matchCriteriaId": "40229F01-B2C6-44EA-8DF8-C316B52F5848", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Oracle Java SE 7u76 y 8u40, y Java FX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-0492." } ], "evaluatorComment": "Per Oracle: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. (http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html)", "id": "CVE-2015-0484", "lastModified": "2024-11-21T02:23:10.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-04-16T16:59:36.260", "references": [ { "source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" }, { "source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" }, { "source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" }, { "source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html" }, { "source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/74135" }, { "source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1032120" }, { "source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201603-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-11" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-09-08 20:00
Modified
2024-11-21 01:17
Severity ?
Summary
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
fedoraproject | fedora | 12 | |
debian | debian_linux | 5.0 | |
opensuse | opensuse | 11.3 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_high_availability_extension | 11 | |
suse | linux_enterprise_real_time | 11 | |
suse | linux_enterprise_server | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FE382AE-9C6D-4BEB-8E3F-97B28833C183", "versionEndExcluding": "2.6.27.53", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EE59977-7454-4176-A2D6-2302E120C851", "versionEndExcluding": "2.6.32.21", "versionStartIncluding": "2.6.32", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "63D85B69-8DB7-4D3E-9354-CCBC549E7370", "versionEndExcluding": "2.6.34.6", "versionStartIncluding": "2.6.34", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7A5EF87-D414-4E4D-A558-FDD6D1910A08", "versionEndExcluding": "2.6.35.4", "versionStartIncluding": "2.6.35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EB74DEB4-2BD1-4A65-AFDA-C331BC20C178", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "947E05EB-6995-47C1-BE9A-D22E3810533D", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic." }, { "lang": "es", "value": "Desbordamiento de enterno en net/can/bcm en la implementaci\u00f3n Controller Area Network (CAN) del kernel de Linux anterior a v2.6.27.53, v2.6.32.x anterior a v2.6.32.21, v2.6.34.x anterior a v2.6.34.6, y v2.6.35.x anterior a v2.6.35.4, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema) a trav\u00e9s de tr\u00e1fico CAN manipulado." } ], "id": "CVE-2010-2959", "lastModified": "2024-11-21T01:17:44.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-09-08T20:00:03.760", "references": [ { "source": "security@ubuntu.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde" }, { "source": "security@ubuntu.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://jon.oberheide.org/files/i-can-haz-modharden.c" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41512" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2094" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/20/2" }, { "source": "security@ubuntu.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/42585" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2430" }, { "source": "security@ubuntu.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "security@ubuntu.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://jon.oberheide.org/files/i-can-haz-modharden.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/41512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2010/dsa-2094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/20/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/42585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2010/2430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2011/0298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625699" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | firefox | * | |
mozilla | seamonkey | * | |
mozilla | thunderbird | * | |
mozilla | thunderbird_esr | * | |
mozilla | thunderbird_esr | * | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_desktop | 10 | |
suse | linux_enterprise_desktop | 11 | |
suse | linux_enterprise_server | 10 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_server | 11 | |
suse | linux_enterprise_software_development_kit | 10 | |
suse | linux_enterprise_software_development_kit | 11 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295", "versionEndExcluding": "18.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320", "versionEndExcluding": "2.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34", "versionEndExcluding": "17.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133", "versionEndExcluding": "17.0.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en el motor de navegaci\u00f3n en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y SeaMonkey anterior a 2.15, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2013-0749", "lastModified": "2024-11-21T01:48:07.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-13T20:55:01.667", "references": [ { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "security@mozilla.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" }, { "source": "security@mozilla.org", "tags": [ "Broken Link" ], "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" }, { "source": "security@mozilla.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" }, { "source": "security@mozilla.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" }, { "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" }, { "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-13 01:55
Modified
2024-11-21 01:45
Severity ?
Summary
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
fedoraproject | fedora | 16 | |
fedoraproject | fedora | 17 | |
fedoraproject | fedora | 18 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_server | 11 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 5.9 | |
redhat | enterprise_linux_eus | 6.4 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_aus | 5.9 | |
redhat | enterprise_linux_server_aus | 6.4 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | virtualization | 3.0 | |
redhat | enterprise_linux | 6.0 | |
debian | debian_linux | 6.0 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E663E62-0A5F-4B37-B629-51EE53A5FDCD", "versionEndExcluding": "1.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet." }, { "lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE est\u00e1n deshabilitadas, permiten ataques remotos que provocan una denegaci\u00f3n de servicios (errores en el sistema operativo invitado) y posiblemente ejecutar c\u00f3digo arbitrario." } ], "id": "CVE-2012-6075", "lastModified": "2024-11-21T01:45:46.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-13T01:55:03.027", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/55082" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2607" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2608" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2619" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/57420" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1692-1" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/55082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/57420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1692-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-11 21:55
Modified
2024-11-21 02:04
Severity ?
Summary
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
References