Vulnerabilites related to suse - linux_enterprise_server
Vulnerability from fkie_nvd
Published
2010-12-30 19:00
Modified
2024-11-21 01:19
Severity ?
Summary
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
References
secalert@redhat.comhttp://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.htmlBroken Link
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2010/11/30/1Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/43056Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/43291Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-2126Third Party Advisory
secalert@redhat.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2Broken Link
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:257Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1023-1Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0213Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0298Third Party Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0375Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=644156Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2010/11/30/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43056Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43291Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2126Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:257Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1023-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0213Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0298Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0375Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=644156Issue Tracking, Patch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "056295BE-D525-4749-887C-CDE2755A6FA6",
              "versionEndExcluding": "2.6.36.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando se configura una direcci\u00f3n econet, permite a usuarios locales causar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y OOPS) a trav\u00e9s de una llamada sendmsg que especifica un  valor NULL para el campo de direcci\u00f3n remota."
    }
  ],
  "id": "CVE-2010-3849",
  "lastModified": "2024-11-21T01:19:44.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-12-30T19:00:03.533",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/11/30/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43056"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43291"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1023-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0213"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0375"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/11/30/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1023-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-05 10:15
Modified
2024-11-21 05:54
Summary
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA9434A-422D-4A29-BEEE-F22A4F0A009D",
              "versionEndExcluding": "1.3.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "7B84C8D3-0B59-40DC-881D-D016A422E8CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FDBEA0-97A9-49D1-B8EB-30E71C762103",
              "versionEndExcluding": "2.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51136B38-5715-49B3-BD8D-91F90632247D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE74AE32-F7BA-41B3-92FD-B2F5C24C1089",
              "versionEndExcluding": "1.7.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B631400C-0A5A-45A3-9DFA-B419E83D324E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FDBEA0-97A9-49D1-B8EB-30E71C762103",
              "versionEndExcluding": "2.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87BA20B7-2A6B-48A5-80D0-FC5CA3E9A54B",
              "versionEndIncluding": "2.3.3op2-2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E29492E1-43D8-43BF-94E3-26A762A66FAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de cups de SUSE Linux Enterprise Server versi\u00f3n 11-SP4-LTSS, SUSE Manager Server versi\u00f3n 4.0, SUSE OpenStack Cloud Crowbar versi\u00f3n 9;\u0026#xa0;openSUSE Leap versi\u00f3n 15.2, Factory permite a atacantes locales con control de los usuarios lp crear archivos como root con permisos 0644 sin la capacidad de configurar el contenido.\u0026#xa0;Este problema afecta a: cups de SUSE Linux Enterprise Server 11-SP4-LTSS versiones anteriores a 1.3.9.\u0026#xa0;cups de Versiones de SUSE Manager Server 4.0 versiones anteriores a 2.2.7.\u0026#xa0;cups de SUSE OpenStack Cloud Crowbar 9 versiones anteriores a 1.7.5.\u0026#xa0;cups de openSUSE Leap 15.2 versiones anteriores a 2.2.7.\u0026#xa0;cups de openSUSE Factory versi\u00f3n 2.3.3op2-2.1 y versiones anteriores"
    }
  ],
  "id": "CVE-2021-25317",
  "lastModified": "2024-11-21T05:54:44.187",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "meissner@suse.de",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-05T10:15:08.133",
  "references": [
    {
      "source": "meissner@suse.de",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1184161"
    },
    {
      "source": "meissner@suse.de",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3/"
    },
    {
      "source": "meissner@suse.de",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV/"
    },
    {
      "source": "meissner@suse.de",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1184161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47/"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-03-19 10:55
Modified
2024-11-21 02:04
Severity ?
Summary
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
References
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2014/mfsa2014-18.htmlVendor Advisory
security@mozilla.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlMailing List, Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=935618Issue Tracking, Vendor Advisory
security@mozilla.orghttps://security.gentoo.org/glsa/201504-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2014/mfsa2014-18.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=935618Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201504-01Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse_project:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8EFFB8-9411-4826-9BFC-A06BA042FC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B91DE6A-D759-4B2C-982B-AF036B43798D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "097F1C3A-4546-43F3-8CC2-50F8AF05B791",
              "versionEndExcluding": "2.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "422EC5FE-DA03-4C14-ADED-D6212BE074D5",
              "versionEndExcluding": "28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm."
    },
    {
      "lang": "es",
      "value": "El m\u00e9todo crypto.generateCRMFRequest en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no valida debidamente cierto tipo de clave, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores que provocan la generaci\u00f3n de una clave que soporta el algoritmo Elliptic Curve ec-dual-use."
    }
  ],
  "id": "CVE-2014-1498",
  "lastModified": "2024-11-21T02:04:24.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-19T10:55:06.350",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-15 10:15
Modified
2024-11-21 07:28
Summary
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_module_for_sap_applications:15:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "B1D4273D-67F7-4E62-8EF6-6C7F832269D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE80EB04-7F9D-4C0B-85DB-4A13DEACB5E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*",
              "matchCriteriaId": "471E110C-10CC-4C36-BDE1-BBB27EF5C6EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de permisos predeterminados incorrectos en la f\u00f3rmula saphanabootstrap del m\u00f3dulo SUSE Linux Enterprise para aplicaciones SAP 15-SP1, SUSE Linux Enterprise Server para SAP 12-SP5; openSUSE Leap 15.4 permite a atacantes locales escalar a root manipulando la configuraci\u00f3n sudo que se crea. Este problema afecta: SUSE Linux Enterprise Module para aplicaciones SAP 15-SP1 versiones de f\u00f3rmula saphanabootstrap anteriores a 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server para versiones de f\u00f3rmula saphanabootstrap de SAP 12-SP5 anteriores a 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 versiones de f\u00f3rmula saphanabootstrap anteriores a 0.13.1+git.1667812208.4db963e."
    }
  ],
  "id": "CVE-2022-45153",
  "lastModified": "2024-11-21T07:28:51.710",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "meissner@suse.de",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-15T10:15:16.970",
  "references": [
    {
      "source": "meissner@suse.de",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-23 11:03
Modified
2024-11-21 01:54
Severity ?
Summary
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
psirt@us.ibm.comhttp://lists.apple.com/archives/security-announce/2013/Oct/msg00001.htmlBroken Link, Mailing List
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.htmlThird Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00023.htmlThird Party Advisory
psirt@us.ibm.comhttp://marc.info/?l=bugtraq&m=138674031212883&w=2Issue Tracking, Mailing List, Third Party Advisory
psirt@us.ibm.comhttp://marc.info/?l=bugtraq&m=138674073720143&w=2Issue Tracking, Mailing List, Third Party Advisory
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1059.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1060.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1081.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1440.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1447.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1451.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2013-1505.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1818.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1821.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1822.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2014-1823.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0675.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0720.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0765.htmlBroken Link
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2015-0773.htmlBroken Link
psirt@us.ibm.comhttp://secunia.com/advisories/56257Third Party Advisory
psirt@us.ibm.comhttp://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
psirt@us.ibm.comhttp://support.apple.com/kb/HT5982Third Party Advisory
psirt@us.ibm.comhttp://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patchPatch, Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IC98015Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21644197Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21653371Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21657539Vendor Advisory
psirt@us.ibm.comhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.htmlThird Party Advisory
psirt@us.ibm.comhttp://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002Vendor Advisory
psirt@us.ibm.comhttp://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013Vendor Advisory
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21648172Broken Link
psirt@us.ibm.comhttp://www.securityfocus.com/bid/61310Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.ubuntu.com/usn/USN-2033-1Third Party Advisory
psirt@us.ibm.comhttp://www.ubuntu.com/usn/USN-2089-1Third Party Advisory
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2014:0414Third Party Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/85260VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://issues.apache.org/jira/browse/XERCESJ-1679Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttps://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
psirt@us.ibm.comhttps://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
psirt@us.ibm.comhttps://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
psirt@us.ibm.comhttps://www.oracle.com/security-alerts/cpuapr2022.html
psirt@us.ibm.comhttps://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.htmlBroken Link, Mailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=138674031212883&w=2Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=138674073720143&w=2Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1059.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1060.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1081.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1440.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1447.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1451.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1505.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1818.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1821.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1822.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1823.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0675.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0720.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0765.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0773.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56257Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5982Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patchPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21644197Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21653371Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21657539Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg21648172Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/61310Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2033-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2089-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2014:0414Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/85260VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/XERCESJ-1679Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.htmlThird Party Advisory
Impacted products
Vendor Product Version
ibm java 5.0.0.0
ibm java 5.0.11.0
ibm java 5.0.11.1
ibm java 5.0.11.2
ibm java 5.0.12.0
ibm java 5.0.12.1
ibm java 5.0.12.2
ibm java 5.0.12.3
ibm java 5.0.12.4
ibm java 5.0.12.5
ibm java 5.0.13.0
ibm java 5.0.14.0
ibm java 5.0.15.0
ibm java 5.0.16.0
ibm java 5.0.16.1
ibm java 5.0.16.2
ibm java 6.0.0.0
ibm java 6.0.1.0
ibm java 6.0.2.0
ibm java 6.0.3.0
ibm java 6.0.4.0
ibm java 6.0.5.0
ibm java 6.0.6.0
ibm java 6.0.7.0
ibm java 6.0.8.0
ibm java 6.0.8.1
ibm java 6.0.9.0
ibm java 6.0.9.1
ibm java 6.0.9.2
ibm java 6.0.10.0
ibm java 6.0.10.1
ibm java 6.0.11.0
ibm java 6.0.12.0
ibm java 6.0.13.0
ibm java 6.0.13.1
ibm java 6.0.13.2
ibm java 7.0.0.0
ibm java 7.0.1.0
ibm java 7.0.2.0
ibm java 7.0.3.0
ibm java 7.0.4.0
ibm java 7.0.4.1
ibm java 7.0.4.2
oracle jdk 1.5.0
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
oracle jrockit *
ibm sterling_b2b_integrator 5.2.4
ibm host_on-demand 11.0
ibm host_on-demand 11.0.1
ibm host_on-demand 11.0.2
ibm host_on-demand 11.0.3
ibm host_on-demand 11.0.4
ibm host_on-demand 11.0.5
ibm host_on-demand 11.0.5.1
ibm host_on-demand 11.0.6
ibm host_on-demand 11.0.6.1
ibm host_on-demand 11.0.7
ibm host_on-demand 11.0.8
microsoft windows -
ibm tivoli_application_dependency_discovery_manager 7.2.2
ibm aix -
linux linux_kernel -
microsoft windows -
oracle solaris -
ibm sterling_b2b_integrator 5.1
ibm sterling_b2b_integrator 5.2
ibm sterling_file_gateway 2.1
ibm sterling_file_gateway 2.2
hp hp-ux -
ibm aix -
ibm i -
linux linux_kernel -
microsoft windows -
oracle solaris -
opensuse opensuse 12.2
opensuse opensuse 12.3
suse linux_enterprise_desktop 10
suse linux_enterprise_desktop 11
suse linux_enterprise_java 10
suse linux_enterprise_java 11
suse linux_enterprise_java 11
suse linux_enterprise_sdk 11
suse linux_enterprise_sdk 11
suse linux_enterprise_server 9
suse linux_enterprise_server 10
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.04
canonical ubuntu_linux 13.10
apache xerces2_java *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D3F84F-3F6E-4DF1-B162-152293D951EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD59912-7325-4AE1-ACCF-D4F804AF3947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62783157-E3B6-4A23-8D2F-1FBD0762E9A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14CC0D53-8AB8-4D44-82BB-0E6A974C36AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A3129F-17A6-4F32-BD5D-34E4A1D1A840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7CD279-54B6-4F6B-AE14-299FB319C690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA269CA-4676-4008-89EF-20FAB89886A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22105B6-1378-4E1C-B28A-FCAE00A2D5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "601762D3-1188-4945-931D-EB8DAC2847A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA4A30A6-498C-46B8-8EFC-45EB13354EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "414CC00A-C797-4C34-8709-75DC061DCDE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4401B967-0550-44F1-8753-9632120D2A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4961693D-F56C-46CD-B721-6A15E2837C17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4FBB66-CF6A-42D2-B122-1861F4139E75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14AD4A87-382A-41F0-96D8-0F0A9B738773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33701DDF-6882-41D3-A11B-A1F4585A77A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C58BBA-06AC-40CD-A906-FD1B3B0AAB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C5B430-EE11-4674-B4B0-895D66E3B32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1837D84-6B4F-40D8-9A3F-71C328F659BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D20A369B-2168-4883-A84C-BB48A71AFB33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3628AAB4-E524-46E5-AAF4-1980256F13CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DC9FE3-CDE9-4F83-989B-4E431BA18B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C17B1C6B-04CE-49FB-B9BD-98ECD626B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F529EB-2BCA-4E3E-93E4-2A9880CDA367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7694638C-CDAC-44DF-B9F9-F7237CD98017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23903A3C-1760-4836-BAE6-BDD32CBB4CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2477E033-D26B-4D71-839B-5FE4B0927559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CAB7BF-265E-411D-A584-E78DE171F065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E45F670-232F-4CE5-8926-6463E5619506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B70E6E3-15B3-4D48-AE49-B9184A58EECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BCE3FD-B89B-4141-8103-9DB941AD60D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EADFB3B-738F-4919-B165-9ECEED46EA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23A5431-E599-4848-AB83-B299898F5EF0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8BF650-B8F5-467E-8DBF-81788B55F345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1752A831-916F-4A7D-8AAE-1CEFACC51F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C9744C4-76BE-428B-AFF2-5BCE00A58322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B1DE45-90F9-416B-9087-8AEF5B0A3C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF6A045-0DF6-463B-A0DB-6C31D8C2984C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A731493C-9B46-4105-9902-B15BA0E0FB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49454369-A494-4EAA-88D5-181570DEBB4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*",
              "matchCriteriaId": "04C71221-E477-4DF8-B10A-3AC64511E4EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*",
              "matchCriteriaId": "FF7DE0E6-F329-417B-8035-B4EBF9C97483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*",
              "matchCriteriaId": "220536FA-695D-4DE8-9813-494E3D061B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*",
              "matchCriteriaId": "ACB55CC5-0EC7-44B2-B5A9-A5B1EE584791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*",
              "matchCriteriaId": "4F6B5E73-6751-475A-B9BF-3414D3476208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*",
              "matchCriteriaId": "7CB654DC-1D3D-4475-8815-335AC573F54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF26274E-5364-4FC1-9603-A78C365596DB",
              "versionEndIncluding": "r27.7.6",
              "versionStartIncluding": "r27.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "583E7A18-48C5-4AEE-A9C1-239D678E275A",
              "versionEndIncluding": "r28.2.8",
              "versionStartIncluding": "r28.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF65201D-8980-450A-A542-3B5473A6F374",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51D5AEF-B3D4-4782-9988-BC1DB3F3F296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E179FC2F-C700-4998-9D7A-3B945874CAC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2341D5E7-15CD-4C8F-ABE8-AA915BFA2804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "474DC3BA-27F2-452A-85AD-BCC476EDD35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "997CA07C-EBB7-4D7F-AF23-A161817BF4A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BFE87FC-7B77-4840-8185-1707CB37323B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77DD8B3-A227-4350-8699-FEC822119393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA56704-18EB-4F3B-A36F-BCEF67B07C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "420CC5FF-0300-4FA7-AB53-78C1A0B83C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7132A0E-C2A1-403E-9516-A6911563D7B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32CA797-ED68-426E-9370-E16C90075E01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
              "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40363692-5283-4D0C-BAE1-C049C02A0294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1554D69E-D68E-46CA-B1F7-C24CAABF58E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
              "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "252CF7A7-3FEB-4503-AEE8-B67139C5B0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79D7DBBA-6849-45F7-AFEF-C765569C481A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2C634990-2690-4E3B-B21F-6687A6A34644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "73B7BC23-6CCA-41B2-8F61-EDB95F1AFB1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "CED02712-1031-4206-AC4D-E68710F46EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
              "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFD62E4-794A-43C0-8C65-A44D970D1569",
              "versionEndExcluding": "2.12.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names."
    },
    {
      "lang": "es",
      "value": "XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se emple\u00f3 en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, as\u00ed como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegaci\u00f3n de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML."
    }
  ],
  "id": "CVE-2013-4002",
  "lastModified": "2024-11-21T01:54:41.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-23T11:03:19.790",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/56257"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5982"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/61310"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2033-1"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2089-1"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2014:0414"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/56257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/61310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2033-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2089-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2014:0414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-02-28 06:18
Modified
2024-11-21 02:05
Severity ?
Summary
The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.
References
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98
secalert@redhat.comhttp://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
secalert@redhat.comhttp://linux.oracle.com/errata/ELSA-2014-3043.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/59262Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/59309Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/59406Third Party Advisory
secalert@redhat.comhttp://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4Release Notes, Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/02/07/2Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/65459Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2128-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2129-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2133-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2134-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2135-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2136-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2137-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2138-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2139-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2140-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2141-1Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1062356Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-3043.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59262Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59309Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59406Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/02/07/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/65459Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2128-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2129-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2133-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2134-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2135-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2136-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2137-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2138-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2139-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2140-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2141-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1062356Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98Patch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D0B9E7-C5EF-4C15-BD87-FA13FD781E06",
              "versionEndExcluding": "3.13.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n security_context_to_sid_core en security/selinux/ss/services.c en el kernel de Linux anterior a 3.13.4 permite a usuarios locales causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) mediante el aprovechamiento de la funcionalidad CAP_MAC_ADMIN para configurar un contexto de seguridad de longitud cero."
    }
  ],
  "id": "CVE-2014-1874",
  "lastModified": "2024-11-21T02:05:11.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-28T06:18:54.587",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59262"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59309"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59406"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65459"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2128-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2129-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2133-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2134-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2135-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2136-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2137-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2138-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2139-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2140-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2141-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062356"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/59406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/02/07/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2128-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2129-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2133-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2134-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2135-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2136-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2137-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2138-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2139-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2140-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2141-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-15 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A7C5B0-7426-48BB-B5BD-F423663A0786",
              "versionEndIncluding": "5.6.19",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AA794-4421-422D-A1C7-BB5AE334FD55",
              "versionEndExcluding": "10.0.13",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Oracle MySQL Server 5.6.19 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a trav\u00e9s de vectores relacionados con SERVER:INNODB FULLTEXT SEARCH DML."
    }
  ],
  "id": "CVE-2014-6564",
  "lastModified": "2024-11-21T02:14:39.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-15T22:55:08.627",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70511"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-06-07 14:55
Modified
2025-02-07 14:57
Summary
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
References
chrome-cve-admin@google.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8Broken Link
chrome-cve-admin@google.comhttp://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://linux.oracle.com/errata/ELSA-2014-3037.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://linux.oracle.com/errata/ELSA-2014-3038.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://linux.oracle.com/errata/ELSA-2014-3039.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.htmlMailing List, Third Party Advisory
chrome-cve-admin@google.comhttp://openwall.com/lists/oss-security/2014/06/05/24Mailing List
chrome-cve-admin@google.comhttp://openwall.com/lists/oss-security/2014/06/06/20Mailing List
chrome-cve-admin@google.comhttp://rhn.redhat.com/errata/RHSA-2014-0800.htmlThird Party Advisory
chrome-cve-admin@google.comhttp://secunia.com/advisories/58500Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/58990Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59029Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59092Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59153Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59262Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59309Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59386Broken Link
chrome-cve-admin@google.comhttp://secunia.com/advisories/59599Broken Link
chrome-cve-admin@google.comhttp://www.debian.org/security/2014/dsa-2949Exploit
chrome-cve-admin@google.comhttp://www.exploit-db.com/exploits/35370Third Party Advisory, VDB Entry
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2014/06/05/22Mailing List
chrome-cve-admin@google.comhttp://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
chrome-cve-admin@google.comhttp://www.securityfocus.com/bid/67906Broken Link, Third Party Advisory, VDB Entry
chrome-cve-admin@google.comhttp://www.securitytracker.com/id/1030451Broken Link, Third Party Advisory, VDB Entry
chrome-cve-admin@google.comhttp://www.ubuntu.com/usn/USN-2237-1Third Party Advisory
chrome-cve-admin@google.comhttp://www.ubuntu.com/usn/USN-2240-1Third Party Advisory
chrome-cve-admin@google.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1103626Issue Tracking, Third Party Advisory
chrome-cve-admin@google.comhttps://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.htmlExploit
chrome-cve-admin@google.comhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5eMailing List, Patch
chrome-cve-admin@google.comhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339Mailing List, Patch
chrome-cve-admin@google.comhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270Mailing List, Patch
chrome-cve-admin@google.comhttps://github.com/elongl/CVE-2014-3153Third Party Advisory
chrome-cve-admin@google.comhttps://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8Patch
chrome-cve-admin@google.comhttps://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8Broken Link
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-3037.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-3038.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-3039.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2014/06/05/24Mailing List
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2014/06/06/20Mailing List
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0800.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58500Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58990Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59029Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59092Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59153Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59262Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59309Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59386Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59599Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2949Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/35370Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/06/05/22Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67906Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030451Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2237-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2240-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1103626Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.htmlExploit
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5eMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/elongl/CVE-2014-3153Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8Patch
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2021/02/01/4Mailing List



{
  "cisaActionDue": "2022-06-15",
  "cisaExploitAdd": "2022-05-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C788C70-FEF6-43C2-BF1B-9F6BAC084B49",
              "versionEndExcluding": "3.2.60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB7FAE85-A7F7-403F-B3F8-51D26A7AD5CF",
              "versionEndExcluding": "3.4.92",
              "versionStartIncluding": "3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7D3761-1031-4407-9D83-51387E0EFAE3",
              "versionEndExcluding": "3.10.42",
              "versionStartIncluding": "3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "865055FF-2CF7-477F-A939-DE7EB4F0F88D",
              "versionEndExcluding": "3.12.22",
              "versionStartIncluding": "3.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "281F5CC1-AF2E-4076-A09D-3E808A9F6896",
              "versionEndExcluding": "3.14.6",
              "versionStartIncluding": "3.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
              "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
              "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
              "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n futex_requeue en kernel/futex.c en el kernel de Linux hasta 3.14.5 no asegura que las llamadas tengan dos direcciones futex diferentes, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de un comando FUTEX_REQUEUE manipulado que facilita la modificaci\u00f3n insegura del objeto o funci\u00f3n a la espera."
    }
  ],
  "id": "CVE-2014-3153",
  "lastModified": "2025-02-07T14:57:04.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2014-06-07T14:55:27.240",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/58500"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/58990"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59029"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59092"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59153"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59262"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59309"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59386"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59599"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2949"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/35370"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67906"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030451"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2237-1"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2240-1"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/elongl/CVE-2014-3153"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/58500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/58990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/59599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/35370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2237-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2240-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/elongl/CVE-2014-3153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-07-03 16:40
Modified
2024-11-21 01:31
Severity ?
Summary
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
References
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
secalert@redhat.comhttp://secunia.com/advisories/48898
secalert@redhat.comhttp://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2011/12/22/5
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=752375
secalert@redhat.comhttps://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35eExploit, Patch
secalert@redhat.comhttps://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48898
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2011/12/22/5
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=752375
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35eExploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462Exploit, Patch
Impacted products
Vendor Product Version
suse linux_enterprise_server 10
linux linux_kernel *
linux linux_kernel 3.0
linux linux_kernel 3.0
linux linux_kernel 3.0
linux linux_kernel 3.0
linux linux_kernel 3.0
linux linux_kernel 3.0
linux linux_kernel 3.0
linux linux_kernel 3.0.1
linux linux_kernel 3.0.2
linux linux_kernel 3.0.3
linux linux_kernel 3.0.4
linux linux_kernel 3.0.5
linux linux_kernel 3.0.6
linux linux_kernel 3.0.7
linux linux_kernel 3.0.8
linux linux_kernel 3.0.9
linux linux_kernel 3.0.10
linux linux_kernel 3.0.11
linux linux_kernel 3.0.12
linux linux_kernel 3.0.13
linux linux_kernel 3.0.14
linux linux_kernel 3.0.15
linux linux_kernel 3.0.16
linux linux_kernel 3.0.17
linux linux_kernel 3.0.18
linux linux_kernel 3.0.19
linux linux_kernel 3.0.20
linux linux_kernel 3.0.21
linux linux_kernel 3.0.22
linux linux_kernel 3.0.23
linux linux_kernel 3.0.24
linux linux_kernel 3.0.25
linux linux_kernel 3.0.26
linux linux_kernel 3.0.27
linux linux_kernel 3.0.28
linux linux_kernel 3.0.29
linux linux_kernel 3.0.30
linux linux_kernel 3.0.31
linux linux_kernel 3.0.32
linux linux_kernel 3.0.33
linux linux_kernel 3.0.34
linux linux_kernel 3.1
linux linux_kernel 3.1
linux linux_kernel 3.1
linux linux_kernel 3.1
linux linux_kernel 3.1
linux linux_kernel 3.1.1
linux linux_kernel 3.1.2
linux linux_kernel 3.1.3
linux linux_kernel 3.1.4
linux linux_kernel 3.1.5
linux linux_kernel 3.1.6
linux linux_kernel 3.1.7
linux linux_kernel 3.1.8
linux linux_kernel 3.1.9
linux linux_kernel 3.1.10
linux linux_kernel 3.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E239663C-BBE3-4762-9FEB-9034F1666235",
              "versionEndIncluding": "3.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume."
    },
    {
      "lang": "es",
      "value": "El kernel de Linux anterior a v3.2.2 no restringe adecuadamente llamadas SG_IO ioctl, permitiendo a usuarios locales eludir restricciones de lectura y escritura en disco  mediante el env\u00edo de un comando SCSI a (1) un dispositivo de bloques de particiones o (2) un volumen LVM."
    }
  ],
  "id": "CVE-2011-4127",
  "lastModified": "2024-11-21T01:31:53.993",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-03T16:40:31.350",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48898"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/12/22/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752375"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35e"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/12/22/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-15 10:15
Modified
2024-11-21 07:28
Summary
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA61E84-D366-4E82-A0F2-B26445610EB6",
              "versionEndIncluding": "3.0.10-95.51.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA4BD70-03B8-4CBD-8532-C75BC77F3722",
              "versionEndIncluding": "3.1.21-150000.5.44.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:*:*:*:*",
              "matchCriteriaId": "0BB4DDAB-D900-4EC0-99E8-1D6AB48F6D20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F152EA-2162-4750-9A40-01BAD9FAF936",
              "versionEndIncluding": "3.1.21-150300.7.35.15.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "6C2EACE6-C127-4B13-8002-8EEBEE8D549B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de almacenamiento de texto plano de informaci\u00f3n confidencial en las utilidades de soporte de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 permite a los atacantes que obtienen acceso a los registros de soporte obtener conocimiento de las credenciales almacenadas. Este problema afecta a: SUSE Linux Enterprise Server 12 supportutils versi\u00f3n 3.0.10-95.51.1CWE-312: almacenamiento de texto plano de informaci\u00f3n confidencial y versiones anteriores. SUSE Linux Enterprise Server 15 supportutils versi\u00f3n 3.1.21-150000.5.44.1 y versiones anteriores. SUSE Linux Enterprise Server 15 SP3 supportutils versi\u00f3n 3.1.21-150300.7.35.15.1 y versiones anteriores."
    }
  ],
  "id": "CVE-2022-45154",
  "lastModified": "2024-11-21T07:28:51.833",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "meissner@suse.de",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-15T10:15:17.377",
  "references": [
    {
      "source": "meissner@suse.de",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
References
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://rhn.redhat.com/errata/RHSA-2013-0144.htmlThird Party Advisory
security@mozilla.orghttp://rhn.redhat.com/errata/RHSA-2013-0145.htmlThird Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2013/mfsa2013-15.htmlVendor Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=813906Issue Tracking, Vendor Advisory
security@mozilla.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0144.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0145.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2013/mfsa2013-15.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=813906Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295",
              "versionEndExcluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320",
              "versionEndExcluding": "2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34",
              "versionEndExcluding": "17.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y 17.x anterior a v17.0.2, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar c\u00f3digo JavaScript de su elecci\u00f3n con privilegios chrome utilizando una interacci\u00f3n inapropiada entre los objetos de plugin y elementos SVG."
    }
  ],
  "id": "CVE-2013-0758",
  "lastModified": "2024-11-21T01:48:08.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-13T20:55:02.040",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-15.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=813906"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-15.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=813906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-11 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.
References
security@mozilla.orghttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-updates/2014-01/msg00002.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2013/mfsa2013-110.htmlVendor Advisory
security@mozilla.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
security@mozilla.orghttp://www.securitytracker.com/id/1029470Third Party Advisory, VDB Entry
security@mozilla.orghttp://www.securitytracker.com/id/1029476Third Party Advisory, VDB Entry
security@mozilla.orghttp://www.ubuntu.com/usn/USN-2052-1Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=917841Issue Tracking, Vendor Advisory
security@mozilla.orghttps://security.gentoo.org/glsa/201504-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2013/mfsa2013-110.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029470Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029476Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2052-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=917841Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201504-01Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
              "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50A3A702-C2B1-4311-9EBC-D62079E3DCD5",
              "versionEndExcluding": "26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D337932C-EF9D-4511-87DB-54262C6635D9",
              "versionEndExcluding": "2.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en la implementaci\u00f3n binary-search de SpiderMonkey de Mozilla Firefox anterior a la versi\u00f3n 26.0 y SeaMonkey anterior a 2.23 podr\u00eda permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a array fuera de l\u00edmites) o posiblemente tener otro impacto no especificado a trav\u00e9s de c\u00f3digo JavaScript."
    }
  ],
  "id": "CVE-2013-5619",
  "lastModified": "2024-11-21T01:57:50.520",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-11T15:55:13.073",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029470"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029476"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2052-1"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2052-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=917841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-21 12:55
Modified
2024-11-21 01:42
Severity ?
Summary
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-1482.htmlThird Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-1483.htmlThird Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51359Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51360Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51369Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51370Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51381Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51434Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51439Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51440Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2012:173Third Party Advisory
cve@mitre.orghttp://www.mozilla.org/security/announce/2012/mfsa2012-103.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/56629Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-2Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-3Third Party Advisory
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=792405Issue Tracking, Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/80181Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1482.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1483.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51359Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51360Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51369Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51370Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51381Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51434Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51439Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51440Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:173Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2012/mfsa2012-103.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56629Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-3Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=792405Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80181Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C27B04-A1E0-4930-AF63-E2B1E57F75BE",
              "versionEndExcluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46BBBC83-F777-4899-9F6A-094CDD9CFF0F",
              "versionEndExcluding": "10.0.11",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DEF1D7-9412-4632-A689-AFD71FEFACC0",
              "versionEndExcluding": "2.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E5E742-2A0F-4483-A784-EACBEE1DF267",
              "versionEndExcluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "828E00D1-8F2A-43AF-93DB-B1985CE68A8A",
              "versionEndExcluding": "10.0.11",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "F084E6C1-8DB0-4D1F-B8EB-5D2CD9AD6E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox anterior a v17.0, Firefox ESR v10.x anterior a v10.0.11, Thunderbird anterior a v17.0, Thunderbird ESR v10.x anterior a v10.0.11, y SeaMonkey anterior a v2.14 no previene el uso del valor del nombre de atributo de marco \"top\" para acceder a la localizaci\u00f3n correctamente, lo que hace mas f\u00e1cil para atacantes remotos llevar a cabo ataques XSS mediante vectores que comprenden un plugin binario."
    }
  ],
  "id": "CVE-2012-4209",
  "lastModified": "2024-11-21T01:42:25.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-21T12:55:02.180",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51360"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51370"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51381"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51434"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51439"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51440"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56629"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1636-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1636-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-11-30 22:14
Modified
2024-11-21 01:20
Severity ?
Summary
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
References
cve@mitre.orghttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lkml.org/lkml/2010/9/25/41Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/42778Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/42801Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/42884Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/42890Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/43291Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/46397Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2010/dsa-2126Third Party Advisory
cve@mitre.orghttp://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6Broken Link
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/09/25/2Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/10/06/6Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/10/07/1Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/10/25/3Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2011-0007.htmlThird Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2011-0017.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/520102/100/0/threadedThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/45063Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2011-0012.htmlThird Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0012Third Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0298Third Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0375Third Party Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=648670Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lkml.org/lkml/2010/9/25/41Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42778Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42801Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42884Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42890Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43291Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46397Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2126Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/09/25/2Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/10/06/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/10/07/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/10/25/3Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0007.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0017.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/520102/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45063Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0012.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0012Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0298Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0375Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=648670Issue Tracking, Patch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8DCE5E2-B055-4F05-8F0F-F19D1B7BA8D7",
              "versionEndExcluding": "2.6.36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*",
              "matchCriteriaId": "D4407EF9-4ECF-408F-9ECB-0705E3FB65D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DBE26099-6D2C-4FAF-B15C-CBF985D59171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F2C193FF-3723-4BE9-8787-DED7D455FA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F874FE6A-968D-47E1-900A-E154E41EDAF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "14B7B8AE-CE83-4F0E-9138-6F165D97C19F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "B434ACFB-2B01-491A-B2E5-40FA0E11B3B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "640FB29C-1A84-41E1-86DE-B542EA0EF153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n snd_hdspm_hwdep_ioctl en sound/pci/rme9652/hdspm.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la pila de la memoria del kernel a trav\u00e9s de una llamada ioctl SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO.\r\n"
    }
  ],
  "id": "CVE-2010-4081",
  "lastModified": "2024-11-21T01:20:12.093",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-11-30T22:14:00.630",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/9/25/41"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42778"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42801"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42884"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42890"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43291"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/45063"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0012"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0375"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lkml.org/lkml/2010/9/25/41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42801"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/42890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/46397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/45063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648670"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-909"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-11-04 21:55
Modified
2024-11-21 01:29
Severity ?
Summary
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
Impacted products
Vendor Product Version
pureftpd pure-ftpd *
pureftpd pure-ftpd 0.90
pureftpd pure-ftpd 0.91
pureftpd pure-ftpd 0.92
pureftpd pure-ftpd 0.93
pureftpd pure-ftpd 0.94
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95
pureftpd pure-ftpd 0.95.1
pureftpd pure-ftpd 0.95.2
pureftpd pure-ftpd 0.96
pureftpd pure-ftpd 0.96
pureftpd pure-ftpd 0.96.1
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97
pureftpd pure-ftpd 0.97-final
pureftpd pure-ftpd 0.97.1
pureftpd pure-ftpd 0.97.2
pureftpd pure-ftpd 0.97.3
pureftpd pure-ftpd 0.97.4
pureftpd pure-ftpd 0.97.5
pureftpd pure-ftpd 0.97.6
pureftpd pure-ftpd 0.97.7
pureftpd pure-ftpd 0.97.7
pureftpd pure-ftpd 0.97.7
pureftpd pure-ftpd 0.97.7
pureftpd pure-ftpd 0.98
pureftpd pure-ftpd 0.98
pureftpd pure-ftpd 0.98
pureftpd pure-ftpd 0.98.1
pureftpd pure-ftpd 0.98.2
pureftpd pure-ftpd 0.98.2
pureftpd pure-ftpd 0.98.3
pureftpd pure-ftpd 0.98.4
pureftpd pure-ftpd 0.98.5
pureftpd pure-ftpd 0.98.6
pureftpd pure-ftpd 0.98.7
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99
pureftpd pure-ftpd 0.99.1
pureftpd pure-ftpd 0.99.1
pureftpd pure-ftpd 0.99.1
pureftpd pure-ftpd 0.99.2
pureftpd pure-ftpd 0.99.2
pureftpd pure-ftpd 0.99.3
pureftpd pure-ftpd 0.99.4
pureftpd pure-ftpd 0.99.9
pureftpd pure-ftpd 1.0.0
pureftpd pure-ftpd 1.0.1
pureftpd pure-ftpd 1.0.2
pureftpd pure-ftpd 1.0.3
pureftpd pure-ftpd 1.0.4
pureftpd pure-ftpd 1.0.5
pureftpd pure-ftpd 1.0.6
pureftpd pure-ftpd 1.0.7
pureftpd pure-ftpd 1.0.8
pureftpd pure-ftpd 1.0.9
pureftpd pure-ftpd 1.0.10
pureftpd pure-ftpd 1.0.11
pureftpd pure-ftpd 1.0.12
pureftpd pure-ftpd 1.0.13
pureftpd pure-ftpd 1.0.14
pureftpd pure-ftpd 1.0.15
pureftpd pure-ftpd 1.0.16
pureftpd pure-ftpd 1.0.16
pureftpd pure-ftpd 1.0.16
pureftpd pure-ftpd 1.0.17
pureftpd pure-ftpd 1.0.17
pureftpd pure-ftpd 1.0.18
pureftpd pure-ftpd 1.0.19
pureftpd pure-ftpd 1.0.20
pureftpd pure-ftpd 1.0.21
suse linux_enterprise_desktop 10
suse linux_enterprise_desktop 11
suse linux_enterprise_server 10
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5EC9019-1B5F-433E-8BD4-E9AAAAB902A0",
              "versionEndIncluding": "1.0.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA8918-A2CB-47A3-BEA5-012202416E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7AC08B4-58AC-415A-9B66-40A1E3CCD0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "109D76F0-FB16-4DB5-8CD9-5FC4B7A888F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "D21A2797-A1E1-41D1-A4F9-88A6BDB39386",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F60D6F-5EED-4F98-B837-8DA704AE655E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6FB0AE1-D1C1-49BA-92EB-22610F805C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "BD46FE70-94F7-49A8-8C89-7D49D660A3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "63769E2B-D1EA-4A63-87C9-74791641C2A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "C656D161-2438-4ACA-AB14-2A9D86509870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "05B9AB24-3961-4BEF-A60E-99FE716DF9A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75803E7D-E4C4-429A-831D-E9BD35D3822F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF6AB58-64E1-4B6E-BE3A-F1EF3A4D6D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE4E7D4-64C3-401D-88BD-25480BB0353E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "68510DBF-72AE-468B-8105-69B6A57A04F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE75C61-AEB4-49FF-92F0-59BE2DC235A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "55A5149F-EFD9-47A6-9E0A-5CC527F692C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "1457138A-4081-455B-B5BA-28D7CC14EC6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "840635FC-4FDB-4198-A79B-792B643A9388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "82E5881B-7BCE-47A9-883E-0F5B9D223F81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "ED101A1B-A785-4F81-9C94-DB4F12BAA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "1664490B-CA34-44A3-8EEC-71A07799E870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C151E6E5-AC14-4C12-B1E4-4FDED6F5CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC7E10AE-9B98-4801-91CD-F6EEC75B9C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFF21C85-76FC-463C-8661-60BE2D3CAC10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "21110017-470F-4C38-B09F-8DF94E48EFE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA24CD0-22DA-4689-981D-88FAA7FCC1C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1931478E-A672-4CF6-9BDC-B3C73B7DA5A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "71C4863E-76DA-4E38-B2C7-B30037633030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "1E60DE27-EE96-44D1-9469-ACB4EB03CCBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "2059AE45-9F9C-4D26-B53A-E61576EBF163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "7BD78C76-3679-47DD-B9A9-CDA0B34EEDEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:final:*:*:*:*:*:*",
              "matchCriteriaId": "6AC69E38-9872-460F-841B-BBE1110FC1B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "7F812030-6DC3-4A8C-824F-3185AC4F0619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "1917ECFC-BCD2-464C-B4C7-6D87A3B50DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A8D91C-EEEB-4F76-8010-2CB174A9B091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1831F7D-7366-4775-9B70-832F3BAB23E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:a:*:*:*:*:*:*",
              "matchCriteriaId": "FE763375-34A0-4D2D-BEC2-D9F9232A1D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "962C592B-1B02-49EE-9C82-2EA1B0F0F4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA327868-1A00-4BFE-AB29-3DBE57545EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "09575AA6-7F8C-4A9C-B781-C892B00C3035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3810E39-63C2-486A-9FFC-C7BBC6DCD455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E6BD24-3843-479E-9DD0-56C69F8A0B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E823CA-D59A-404F-A064-25F557BEBD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:a:*:*:*:*:*:*",
              "matchCriteriaId": "D4C84C4B-3133-4589-B17E-903F78086A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:b:*:*:*:*:*:*",
              "matchCriteriaId": "366DE55B-E2FC-4CA1-B35C-1F09942A31A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "A1B51DC2-7C58-4073-B352-02A0B56D447E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "209642A4-56B7-4345-B09D-57636A3D221F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD057E44-D7B8-414C-A21D-DEC8753F0C50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:a:*:*:*:*:*:*",
              "matchCriteriaId": "79BC687A-A16D-4923-B592-549E12272045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:b:*:*:*:*:*:*",
              "matchCriteriaId": "2C400CA8-7CE1-4E6D-ABAD-102E4BD12C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D968FE34-54C4-4C06-8EB7-0537EDAAD6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:a:*:*:*:*:*:*",
              "matchCriteriaId": "1C6966F1-F1F5-45F6-B446-8408EB1DE9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CAD1DE8-7D55-4C0B-B691-E8D8AA6E2689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70576B73-12AF-463B-96AB-18725ACDECFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F6EBD8-4BFD-49FC-A087-8698DB462880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3737B53D-E0BC-430F-9B00-5F13C15E3EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF48827A-8F95-4D07-BB35-AD43A048072B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10DB2640-6C1B-4B95-998C-3737809C9E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A4B5B69-85CF-40C8-BC79-C340A6445F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8992045B-1EC7-4254-966E-AECDAEFD950E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C4E0E1-FC73-4641-A7AC-47E25EAE251B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF00DCF7-A5B8-4B62-9F4F-EB2273589215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "947E46FD-1B9D-4F64-8C10-FF332796CFE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B72E9F25-975E-4609-A741-F472CEB53265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D76E5AE-B1D2-4362-915A-A6C15225F772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6BC5DF-3A1E-4B1F-87E9-857AE413841C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3928B3DD-CA7E-4204-A49A-7B6E1F973B47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "091BB6EB-7263-4DD2-8B57-B1FF73D61B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.13:a:*:*:*:*:*:*",
              "matchCriteriaId": "C462D2DB-B831-4395-A697-412AF5269E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C705AE7A-8F8B-49C1-BEA4-B1486AAE9E2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0AB8F16-5A30-4D85-A3E0-E8EECD5EEA69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:a:*:*:*:*:*:*",
              "matchCriteriaId": "893F2C07-21F3-4B1E-B295-6B4DD20B97B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:b:*:*:*:*:*:*",
              "matchCriteriaId": "A6F4CFB6-9BD7-467E-ACDD-879D782DD2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:c:*:*:*:*:*:*",
              "matchCriteriaId": "E10A65F7-517F-4966-B83F-7323C8ADA70C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76D15CD-FECF-435F-A7E4-54FE53638C1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:a:*:*:*:*:*:*",
              "matchCriteriaId": "F621BF1C-B9F1-4055-B5D8-6FC70BB3A6D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8669B8EC-482D-44CD-B30E-7D83423E1BC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67A0244-D65F-4CCE-A084-31AD9A3D9B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD2D751-2B85-428E-8766-36F92B338C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "579ECF9F-EBED-49BC-A804-86C71554D06C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:vmware:*:*:*:*:*",
              "matchCriteriaId": "B654E601-9B41-416B-9619-A60E6151EC68",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de salto de directorio en Pure-ftpd v1.0.22 y posiblemente en otras versiones, cuando se ejecutan en SUSE Linux Enterprise Server y posiblemente otros sistemas operativos y cuando la funci\u00f3n de servidor remoto Netware OES est\u00e1 activada, permite a usuarios locales sobreescribir ficheros arbitrarios a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2011-3171",
  "lastModified": "2024-11-21T01:29:53.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-04T21:55:02.550",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/49541"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
References
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://rhn.redhat.com/errata/RHSA-2013-0144.htmlThird Party Advisory
security@mozilla.orghttp://rhn.redhat.com/errata/RHSA-2013-0145.htmlThird Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2013/mfsa2013-02.htmlVendor Advisory
security@mozilla.orghttp://www.securityfocus.com/bid/57194Third Party Advisory, VDB Entry
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=803853Issue Tracking, Patch, Vendor Advisory
security@mozilla.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0144.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0145.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2013/mfsa2013-02.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57194Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=803853Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295",
              "versionEndExcluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320",
              "versionEndExcluding": "2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34",
              "versionEndExcluding": "17.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de la implementaci\u00f3n ~nsHTMLEditRules en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.12, Thunderbird ESR v10.x anterior a 10.0.12 y v17.x anterior a 17.0.1, y SeaMonkey anterior a v2.15 que permite a atacantes remotos permite a atacantes remotos ejecutar c\u00f3digo arbitrio o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-0766",
  "lastModified": "2024-11-21T01:48:10.023",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-13T20:55:02.337",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57194"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803853"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-10-23 02:29
Modified
2024-11-21 03:56
Summary
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
References
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2049Third Party Advisory
cve@mitre.orghttps://bugs.debian.org/911637Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.orghttps://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4fExploit, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2018/10/msg00017.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201903-20Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3814-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3814-2/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3814-3/Third Party Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2018/10/22/1Mailing List, Patch, Third Party Advisory
cve@mitre.orghttps://www.starwindsoftware.com/security/sw-20181213-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2049Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/911637Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4fExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/10/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-20Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3814-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3814-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3814-3/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2018/10/22/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.starwindsoftware.com/security/sw-20181213-0002/Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kyzer:libmspack:0.3:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "A8922C30-64ED-4C15-999E-58AB0812814C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kyzer:libmspack:0.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "979ED5F0-4DE8-4091-BFD5-CD98AFF2BB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kyzer:libmspack:0.5:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "F9DBC30C-9FC0-4471-B63B-0E948E2569C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kyzer:libmspack:0.6:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "880442E9-7E36-4A6E-AA77-2310750AE21E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kyzer:libmspack:0.7:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "BE5A7D47-85EC-4045-9FB4-369CCD4044B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:ga:*:*:ltss:*:*:*",
              "matchCriteriaId": "3DC6D86E-8C71-4836-9F7C-7416E9250C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*",
              "matchCriteriaId": "0651347C-AE16-4155-98EF-A0A2C63A37A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "32C12523-2500-44D0-97EE-E740BD3E61B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:-:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "B649CB6C-394E-4F87-BB60-CB2C7825AA6D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has \u0027\\0\u0027 as its first or second character (such as the \"/\\0\" name)."
    },
    {
      "lang": "es",
      "value": "chmd_read_headers en mspack/chmd.c en libmspack en versiones anteriores a la 0.8alpha acepta un nombre de archivo que tiene \"\\0\" como su primer o segundo car\u00e1cter (como el nombre \"/\\0\")."
    }
  ],
  "id": "CVE-2018-18585",
  "lastModified": "2024-11-21T03:56:12.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-23T02:29:00.513",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2049"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/911637"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-20"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3814-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3814-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3814-3/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2018/10/22/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.starwindsoftware.com/security/sw-20181213-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/911637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3814-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3814-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3814-3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2018/10/22/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.starwindsoftware.com/security/sw-20181213-0002/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-02 16:15
Modified
2024-11-21 04:33
Summary
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F922115C-1907-4F65-9F23-3E63A8BCD4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "70A029CD-2AC4-4877-B1A4-5C72B351BA27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Symbolic Link (Symlink) Following en mysql-systemd-helper del paquete mariadb de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, permite a atacantes locales cambiar los permisos de archivos arbitrarios a 0640. Este problema afecta a: mariadb de SUSE Linux Enterprise Server 12 versiones anteriores a 10.2.31-3.25.1. mariadb de SUSE Linux Enterprise Server 15 versiones anteriores a 10.2.31-3.26.1."
    }
  ],
  "id": "CVE-2019-18901",
  "lastModified": "2024-11-21T04:33:48.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 2.5,
        "source": "meissner@suse.de",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-02T16:15:11.940",
  "references": [
    {
      "source": "meissner@suse.de",
      "tags": [
        "Broken Link",
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html"
    },
    {
      "source": "meissner@suse.de",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160895"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-19 21:59
Modified
2024-11-21 02:21
Severity ?
Summary
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
secalert@redhat.comhttp://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
secalert@redhat.comhttp://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2017-0680.html
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/Jun/18
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/Sep/7
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/01/19/11
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/01/20/1
secalert@redhat.comhttp://www.securityfocus.com/bid/83306
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2985-1
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2985-2
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:1916
secalert@redhat.comhttps://seclists.org/bugtraq/2019/Jun/14
secalert@redhat.comhttps://seclists.org/bugtraq/2019/Sep/7
secalert@redhat.comhttps://security.gentoo.org/glsa/201702-11
secalert@redhat.comhttps://sourceware.org/bugzilla/show_bug.cgi?id=16962
secalert@redhat.comhttps://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2017-0680.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Jun/18
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Sep/7
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/01/19/11
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/01/20/1
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/83306
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2985-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2985-2
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1916
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jun/14
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Sep/7
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201702-11
af854a3a-2127-422b-91ae-364da2661108https://sourceware.org/bugzilla/show_bug.cgi?id=16962
af854a3a-2127-422b-91ae-364da2661108https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.htmlVendor Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "1FADFCB2-7D70-4778-9199-516E667177C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "174A8501-CFE4-430E-BB1F-DDF89F94A117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "480C8C21-8DA3-4EF2-8BCF-7CED031A3B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1F33821F-22ED-4B6A-B70B-D38EDA658EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "10F15C47-008C-4FFC-980B-A14E176C1F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:lts:*:*:*",
              "matchCriteriaId": "380DDE38-767C-455A-8474-29BF32D66D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "01E21741-9D7D-42DD-B70D-5FD3053DE780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*",
              "matchCriteriaId": "FD3677E0-7423-452A-8C1E-A20C5CC34CA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D5BAC17C-EF31-4E94-9020-47B781AD94B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "ACC73EF8-7AD9-4113-9E3F-C93AF818CEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "51FA1B64-D002-41CC-908F-3798122ACD25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E32895-9C7B-4DE8-9BB5-0177406EB761",
              "versionEndIncluding": "2.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de buffer basado en pila en la GNU C Library (tambi\u00e9n conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbirario a trav\u00e9s de un argumento largo en la funci\u00f3n (1) nan, (2) nanf o (3) nanl."
    }
  ],
  "id": "CVE-2014-9761",
  "lastModified": "2024-11-21T02:21:36.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-19T21:59:00.113",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0680.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/18"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/19/11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/83306"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2985-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2985-2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:1916"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/Jun/14"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/Sep/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201702-11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0680.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/19/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/01/20/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/83306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2985-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2985-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:1916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Jun/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Sep/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201702-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-21 12:55
Modified
2024-11-21 01:45
Severity ?
Summary
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://osvdb.org/87588Broken Link
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-1482.htmlThird Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-1483.htmlThird Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51359Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51360Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51369Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51370Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51381Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51434Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51439Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/51440Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2012:173Third Party Advisory
cve@mitre.orghttp://www.mozilla.org/security/announce/2012/mfsa2012-100.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/56631Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-2Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1638-3Third Party Advisory
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=805807Issue Tracking, Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/80178Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/87588Broken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1482.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1483.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51359Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51360Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51369Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51370Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51381Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51434Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51439Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51440Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:173Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2012/mfsa2012-100.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56631Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1638-3Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=805807Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80178Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D350E7E-4990-4C93-80AD-AC5C27040549",
              "versionEndExcluding": "10.0.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C27B04-A1E0-4930-AF63-E2B1E57F75BE",
              "versionEndExcluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DEF1D7-9412-4632-A689-AFD71FEFACC0",
              "versionEndExcluding": "2.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E5E742-2A0F-4483-A784-EACBEE1DF267",
              "versionEndExcluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "261324A9-B458-48B0-B8EC-5412FB8728E9",
              "versionEndExcluding": "10.0.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird antes de 17,0, Thunderbird ESR 10.x antes de 10.0.11, y SeaMonkey antes de 2.14 implementan envoltorios origen cruzado con un comportamiento de filtrado que no restringe correctamente las acciones de escritura, lo que permite a atacantes remotos realizar ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de un sitio web modificado."
    }
  ],
  "id": "CVE-2012-5841",
  "lastModified": "2024-11-21T01:45:21.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-21T12:55:03.697",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/87588"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51360"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51370"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51381"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51434"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51439"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51440"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56631"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1636-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805807"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/87588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-100.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1636-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1638-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-12-15 03:57
Modified
2024-11-21 01:32
Severity ?
Summary
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
References
cret@cert.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.htmlMailing List, Third Party Advisory
cret@cert.orghttp://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.htmlMailing List, Third Party Advisory
cret@cert.orghttp://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.htmlMailing List, Third Party Advisory
cret@cert.orghttp://osvdb.org/77596Broken Link
cret@cert.orghttp://rhn.redhat.com/errata/RHSA-2015-0698.htmlThird Party Advisory
cret@cert.orghttp://secunia.com/advisories/47193Not Applicable
cret@cert.orghttp://secunia.com/advisories/47306Not Applicable
cret@cert.orghttp://secunia.com/advisories/47353Not Applicable
cret@cert.orghttp://www-01.ibm.com/support/docview.wss?uid=swg21660640Broken Link
cret@cert.orghttp://www.debian.org/security/2011/dsa-2371Third Party Advisory
cret@cert.orghttp://www.kb.cert.org/vuls/id/887409Third Party Advisory, US Government Resource
cret@cert.orghttp://www.oracle.com/technetwork/topics/security/cpujan2012-366304.htmlThird Party Advisory
cret@cert.orghttp://www.redhat.com/support/errata/RHSA-2011-1807.htmlThird Party Advisory
cret@cert.orghttp://www.redhat.com/support/errata/RHSA-2011-1811.htmlThird Party Advisory
cret@cert.orghttp://www.securityfocus.com/bid/50992Broken Link, VDB Entry
cret@cert.orghttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606Release Notes
cret@cert.orghttp://www.ubuntu.com/usn/USN-1315-1Third Party Advisory
cret@cert.orghttps://bugzilla.redhat.com/show_bug.cgi?id=747726Issue Tracking
cret@cert.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/71701Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/77596Broken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0698.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47193Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47306Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47353Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21660640Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2371Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/887409Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1807.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1811.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/50992Broken Link, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606Release Notes
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1315-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=747726Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/71701Third Party Advisory, VDB Entry



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C699BE-8585-4A07-88AE-E17CF17D92CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64AA8532-9055-4A9B-BC52-B6D0EDAB8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "506DA542-BD41-4102-A15E-481C81A0AB04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
              "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*",
              "matchCriteriaId": "A44C3422-0D42-473E-ABB4-279D7494EE2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*",
              "matchCriteriaId": "A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E8C91701-DF37-4F7B-AB9A-B1BFDB4991F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D986CAD0-F4E0-4F97-B240-8967CD4466FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n jpc_crg_getparms de libjasper/jpc/jpc_cs.c de JasPer 1.900.1 utiliza un tipo de datos incorrecto durante un c\u00e1lculo determinado de tama\u00f1o, lo que permite a atacantes remotos provocar un desbordamiento de buffer de memoria din\u00e1mica y ejecutar c\u00f3digo arbitrario, o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica), a trav\u00e9s de un archivo JPEG2000 mal formado."
    }
  ],
  "id": "CVE-2011-4517",
  "lastModified": "2024-11-21T01:32:27.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-12-15T03:57:34.277",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/77596"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47193"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47306"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47353"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2371"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/887409"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50992"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.538606"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1315-1"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071561.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/77596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/47353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/887409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1807.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/50992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.538606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1315-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71701"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-15 22:55
Modified
2024-11-21 02:14
Severity ?
Summary
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
References
secalert_us@oracle.comhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://secunia.com/advisories/61579Not Applicable
secalert_us@oracle.comhttp://secunia.com/advisories/62073Not Applicable
secalert_us@oracle.comhttp://security.gentoo.org/glsa/glsa-201411-02.xmlThird Party Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlVendor Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/70469Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61579Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62073Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201411-02.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/70469Third Party Advisory, VDB Entry



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6133CA80-A291-487F-AE06-85D4AA154727",
              "versionEndIncluding": "15.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF35B328-2B85-4093-9288-2EF6043AA8DF",
              "versionEndExcluding": "5.5.40",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C55CD8E-8ADC-470C-9042-5C63221A2F09",
              "versionEndExcluding": "10.0.15",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA995C3-9B96-4B6F-A3E9-587F8468F551",
              "versionEndIncluding": "5.5.39",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E71621-9463-4E83-A99C-1D51E6352770",
              "versionEndIncluding": "5.6.20",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Oracle MySQL Server 5.5.39 y anteriores y 5.6.20 y anteriores, permite a atacantes remotos afectar la disponibilidad a trav\u00e9s de vectores relacionados con CLIENT:SSL:yaSSL, una vulnerabilidad diferente a CVE-2014-6494."
    }
  ],
  "id": "CVE-2014-6496",
  "lastModified": "2024-11-21T02:14:30.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-15T22:55:06.077",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/61579"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/62073"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/61579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/62073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70469"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-04-16 16:59
Modified
2024-11-21 02:23
Severity ?
Summary
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.
References
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2015-0854.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2015-0857.html
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlVendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/74135
secalert_us@oracle.comhttp://www.securitytracker.com/id/1032120
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201603-11
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0854.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0857.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74135
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032120
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201603-11
Impacted products
Vendor Product Version
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle javafx 2.2.76
opensuse opensuse 13.2
suse linux_enterprise_server 11



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update76:*:*:*:*:*:*",
              "matchCriteriaId": "A2C5FA21-4D3B-4739-92A1-B87A1A63F29B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update40:*:*:*:*:*:*",
              "matchCriteriaId": "8348D050-22EF-49AC-960A-ADBA1441FFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update76:*:*:*:*:*:*",
              "matchCriteriaId": "50E5F104-C20F-4E6B-AD70-8FEC1B9A9B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update40:*:*:*:*:*:*",
              "matchCriteriaId": "BB2AF8BC-7643-4CBF-83C0-CA4656AC4FB4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:javafx:2.2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "40229F01-B2C6-44EA-8DF8-C316B52F5848",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Oracle Java SE 7u76 y 8u40, y Java FX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-0492."
    }
  ],
  "evaluatorComment": "Per Oracle:  Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. (http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html)",
  "id": "CVE-2015-0484",
  "lastModified": "2024-11-21T02:23:10.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-16T16:59:36.260",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/74135"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securitytracker.com/id/1032120"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.gentoo.org/glsa/201603-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201603-11"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-09-08 20:00
Modified
2024-11-21 01:17
Severity ?
Summary
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
References
security@ubuntu.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde
security@ubuntu.comhttp://jon.oberheide.org/files/i-can-haz-modharden.cExploit, Mailing List, Third Party Advisory
security@ubuntu.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.htmlMailing List, Third Party Advisory
security@ubuntu.comhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.htmlMailing List, Third Party Advisory
security@ubuntu.comhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.htmlMailing List, Third Party Advisory
security@ubuntu.comhttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
security@ubuntu.comhttp://secunia.com/advisories/41512Broken Link
security@ubuntu.comhttp://www.debian.org/security/2010/dsa-2094Third Party Advisory
security@ubuntu.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53Broken Link
security@ubuntu.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21Broken Link
security@ubuntu.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6Broken Link
security@ubuntu.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4Broken Link
security@ubuntu.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:198Broken Link
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2010/08/20/2Mailing List, Third Party Advisory
security@ubuntu.comhttp://www.securityfocus.com/bid/42585Exploit, Third Party Advisory, VDB Entry
security@ubuntu.comhttp://www.vupen.com/english/advisories/2010/2430Broken Link
security@ubuntu.comhttp://www.vupen.com/english/advisories/2011/0298Broken Link
security@ubuntu.comhttps://bugzilla.redhat.com/show_bug.cgi?id=625699Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde
af854a3a-2127-422b-91ae-364da2661108http://jon.oberheide.org/files/i-can-haz-modharden.cExploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41512Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2094Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:198Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/08/20/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/42585Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2430Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0298Broken Link
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=625699Issue Tracking, Patch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FE382AE-9C6D-4BEB-8E3F-97B28833C183",
              "versionEndExcluding": "2.6.27.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE59977-7454-4176-A2D6-2302E120C851",
              "versionEndExcluding": "2.6.32.21",
              "versionStartIncluding": "2.6.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D85B69-8DB7-4D3E-9354-CCBC549E7370",
              "versionEndExcluding": "2.6.34.6",
              "versionStartIncluding": "2.6.34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7A5EF87-D414-4E4D-A558-FDD6D1910A08",
              "versionEndExcluding": "2.6.35.4",
              "versionStartIncluding": "2.6.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EB74DEB4-2BD1-4A65-AFDA-C331BC20C178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "947E05EB-6995-47C1-BE9A-D22E3810533D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enterno en net/can/bcm en la implementaci\u00f3n Controller Area Network (CAN) del kernel de Linux anterior a v2.6.27.53, v2.6.32.x anterior a v2.6.32.21, v2.6.34.x anterior a v2.6.34.6, y v2.6.35.x anterior a v2.6.35.4, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema) a trav\u00e9s de tr\u00e1fico CAN manipulado."
    }
  ],
  "id": "CVE-2010-2959",
  "lastModified": "2024-11-21T01:17:44.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-09-08T20:00:03.760",
  "references": [
    {
      "source": "security@ubuntu.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://jon.oberheide.org/files/i-can-haz-modharden.c"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/41512"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2094"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/08/20/2"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42585"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2430"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://jon.oberheide.org/files/i-can-haz-modharden.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/41512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2010/08/20/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625699"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-01-13 20:55
Modified
2024-11-21 01:48
Severity ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2013/mfsa2013-01.htmlVendor Advisory
security@mozilla.orghttp://www.palemoon.org/releasenotes-ng.shtmlBroken Link
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
security@mozilla.orghttp://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=785358Issue Tracking, Patch, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=794426Issue Tracking, Patch, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=805745Exploit, Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=805814Exploit, Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=808481Issue Tracking, Patch, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=812847Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=814407Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=814839Issue Tracking, Vendor Advisory
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=816994Issue Tracking, Vendor Advisory
security@mozilla.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2013/mfsa2013-01.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.palemoon.org/releasenotes-ng.shtmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=785358Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=794426Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=805745Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=805814Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=808481Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=812847Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=814407Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=814839Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=816994Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79F0682-C77C-4B65-B267-C370CFC70295",
              "versionEndExcluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC13B81F-BA13-445C-9352-52C07DE5722C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE1BFA6-20EE-44C2-8D48-17CAF2EE2D30",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA9E754-FE4D-4123-9FA8-E2AD38CC7320",
              "versionEndExcluding": "2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC3A76A-FEC9-461E-BA82-1D62DEB45B34",
              "versionEndExcluding": "17.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45B1950-19B6-4C22-8828-6C203FA4804C",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE07E1B-A9A5-44BC-98BB-A76B5F2EB133",
              "versionEndExcluding": "17.0.2",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
              "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades sin especificar en el motor de navegaci\u00f3n en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y SeaMonkey anterior a 2.15, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2013-0749",
  "lastModified": "2024-11-21T01:48:07.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-13T20:55:01.667",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.palemoon.org/releasenotes-ng.shtml"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.palemoon.org/releasenotes-ng.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1681-4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-13 01:55
Modified
2024-11-21 01:45
Severity ?
Summary
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.htmlThird Party Advisory
secalert@redhat.comhttp://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.htmlPatch, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-04/msg00051.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-04/msg00052.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0599.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0608.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0609.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0610.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0639.htmlThird Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/55082Third Party Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201309-24.xmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2607Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2608Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2619Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/12/30/1Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/57420Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1692-1Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=889301Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0599.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0608.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0609.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0610.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0639.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55082Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201309-24.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2607Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2608Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2619Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/12/30/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57420Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1692-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=889301Issue Tracking, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E663E62-0A5F-4B37-B629-51EE53A5FDCD",
              "versionEndExcluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
              "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
              "matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en la funci\u00f3n e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE est\u00e1n deshabilitadas, permiten ataques remotos que provocan una denegaci\u00f3n de servicios (errores en el sistema operativo invitado) y posiblemente ejecutar c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2012-6075",
  "lastModified": "2024-11-21T01:45:46.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-13T01:55:03.027",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55082"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2607"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2608"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2619"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/12/30/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57420"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1692-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/12/30/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1692-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}