Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1008 (GCVE-0-2016-1008)
Vulnerability from cvelistv5
Published
2016-03-09 11:00
Modified
2024-08-05 22:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:38:41.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "84216",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84216"
},
{
"name": "1035199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035199"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "84216",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84216"
},
{
"name": "1035199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035199"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84216"
},
{
"name": "1035199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035199"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-190",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-190"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-1008",
"datePublished": "2016-03-09T11:00:00",
"dateReserved": "2015-12-22T00:00:00",
"dateUpdated": "2024-08-05T22:38:41.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-1008\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2016-03-09T11:59:38.390\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de b\u00fasqueda de ruta no confiable en Adobe Reader y Acrobat en versiones anteriores a 11.0.15, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30121 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20060 on Windows y OS X permiten a usarios locales obtener privilegios a trav\u00e9s de un Troyano DLL en un directorio no especificado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.0.14\",\"matchCriteriaId\":\"0F640519-AC29-4AAD-9E5D-FAA2A42930A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*\",\"versionEndIncluding\":\"15.006.30119\",\"matchCriteriaId\":\"14199FDB-C9BB-4695-BE8F-CF7F6A16C41A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*\",\"versionEndIncluding\":\"15.010.20059\",\"matchCriteriaId\":\"D969AF0E-E641-41B8-98CE-9572B6BC59E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.0.14\",\"matchCriteriaId\":\"929937F6-EFBC-4C9A-8241-4C25E98DF2EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*\",\"versionEndIncluding\":\"15.010.20059\",\"matchCriteriaId\":\"39A607EC-FB10-42C2-B8EF-95772AD6D3E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30119:*:*:*:classic:*:*:*\",\"matchCriteriaId\":\"8C9D040E-7C2E-4CBA-AC27-3D5A8C49A098\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/84216\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securitytracker.com/id/1035199\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-16-190\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://helpx.adobe.com/security/products/acrobat/apsb16-09.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/84216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-16-190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helpx.adobe.com/security/products/acrobat/apsb16-09.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2017-AVI-034
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-LTSS | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12 | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server pour SAP 12 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP2-LTSS |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server pour SAP 12",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-7097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7097"
},
{
"name": "CVE-2016-7916",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7916"
},
{
"name": "CVE-2016-5829",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5829"
},
{
"name": "CVE-2013-4312",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4312"
},
{
"name": "CVE-2016-4578",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4578"
},
{
"name": "CVE-2016-4997",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
},
{
"name": "CVE-2016-4805",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4805"
},
{
"name": "CVE-2016-4470",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4470"
},
{
"name": "CVE-2015-7833",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7833"
},
{
"name": "CVE-2016-4485",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4485"
},
{
"name": "CVE-2016-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9793"
},
{
"name": "CVE-2016-1583",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1583"
},
{
"name": "CVE-2016-9756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9756"
},
{
"name": "CVE-2016-5244",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5244"
},
{
"name": "CVE-2004-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-0230"
},
{
"name": "CVE-2015-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1350"
},
{
"name": "CVE-2016-9685",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9685"
},
{
"name": "CVE-2016-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7425"
},
{
"name": "CVE-2016-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4565"
},
{
"name": "CVE-2016-4913",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4913"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2016-8399",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8399"
},
{
"name": "CVE-2016-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8633"
},
{
"name": "CVE-2015-7513",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7513"
},
{
"name": "CVE-2016-3841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3841"
},
{
"name": "CVE-2015-8956",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8956"
},
{
"name": "CVE-2012-6704",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
},
{
"name": "CVE-2016-4569",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4569"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
},
{
"name": "CVE-2016-6480",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6480"
},
{
"name": "CVE-2016-4580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4580"
},
{
"name": "CVE-2016-9806",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9806"
},
{
"name": "CVE-2016-2187",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2187"
},
{
"name": "CVE-2016-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7042"
},
{
"name": "CVE-2016-0823",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0823"
},
{
"name": "CVE-2016-2189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2189"
},
{
"name": "CVE-2016-4998",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4998"
},
{
"name": "CVE-2016-4482",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4482"
},
{
"name": "CVE-2016-8646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8646"
},
{
"name": "CVE-2016-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
},
{
"name": "CVE-2015-8962",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
},
{
"name": "CVE-2017-5551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5551"
},
{
"name": "CVE-2015-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
},
{
"name": "CVE-2016-6828",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6828"
},
{
"name": "CVE-2016-8632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8632"
}
],
"initial_release_date": "2017-01-31T00:00:00",
"last_revision_date": "2017-01-31T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0307-1 du 27 janvier 2017",
"url": "https://www.suse.com//support/update/announcement/2017/suse-su-20170307-1.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0333-1 du 30 janvier 2017",
"url": "https://www.suse.com//support/update/announcement/2017/suse-su-20170333-1.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SSUSE-SU-2017:0303-1 du 27 janvier 2017",
"url": "https://www.suse.com//support/update/announcement/2017/suse-su-20170303-1.html"
}
],
"reference": "CERTFR-2017-AVI-034",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0333-1 du 30 janvier 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0307-1 du 27 janvier 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SSUSE-SU-2017:0303-1 du 27 janvier 2017",
"url": null
}
]
}
CERTFR-2017-AVI-044
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 11-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-6368",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6368"
},
{
"name": "CVE-2016-7916",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7916"
},
{
"name": "CVE-2016-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9793"
},
{
"name": "CVE-2016-9756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9756"
},
{
"name": "CVE-2004-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-0230"
},
{
"name": "CVE-2015-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1350"
},
{
"name": "CVE-2016-5696",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5696"
},
{
"name": "CVE-2016-9685",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9685"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2016-8399",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8399"
},
{
"name": "CVE-2016-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8633"
},
{
"name": "CVE-2012-6704",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
},
{
"name": "CVE-2016-9576",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9576"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
},
{
"name": "CVE-2016-8646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8646"
},
{
"name": "CVE-2015-8962",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
},
{
"name": "CVE-2017-5551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5551"
},
{
"name": "CVE-2015-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
},
{
"name": "CVE-2016-8632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8632"
}
],
"initial_release_date": "2017-02-10T00:00:00",
"last_revision_date": "2017-02-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20170437-1 du 09 f\u00e9vrier 2017",
"url": "https://www.suse.com//support/update/announcement/2017/suse-su-20170437-1.html"
}
],
"reference": "CERTFR-2017-AVI-044",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20170437-1 du 09 f\u00e9vrier 2017",
"url": null
}
]
}
CERTFR-2017-AVI-054
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et une exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP3-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Point of Sale 11-SP3 | ||
| SUSE | N/A | SUSE Manager 2.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP3 | ||
| SUSE | N/A | SUSE OpenStack Cloud 5 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 2.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 11-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Point of Sale 11-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 2.1",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-7097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7097"
},
{
"name": "CVE-2016-7916",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7916"
},
{
"name": "CVE-2016-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9793"
},
{
"name": "CVE-2016-9756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9756"
},
{
"name": "CVE-2004-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-0230"
},
{
"name": "CVE-2015-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1350"
},
{
"name": "CVE-2016-9685",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9685"
},
{
"name": "CVE-2016-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7425"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2016-8399",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8399"
},
{
"name": "CVE-2016-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8633"
},
{
"name": "CVE-2016-3841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3841"
},
{
"name": "CVE-2015-8956",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8956"
},
{
"name": "CVE-2012-6704",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
},
{
"name": "CVE-2016-9576",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9576"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
},
{
"name": "CVE-2016-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7042"
},
{
"name": "CVE-2016-0823",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0823"
},
{
"name": "CVE-2016-8646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8646"
},
{
"name": "CVE-2016-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
},
{
"name": "CVE-2015-8962",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
},
{
"name": "CVE-2017-5551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5551"
},
{
"name": "CVE-2015-8970",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8970"
},
{
"name": "CVE-2015-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
},
{
"name": "CVE-2016-6828",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6828"
},
{
"name": "CVE-2016-8632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8632"
}
],
"initial_release_date": "2017-02-20T00:00:00",
"last_revision_date": "2017-02-20T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-054",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-02-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nune ex\u00e9cution de code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse du 17 f\u00e9vrier 2017",
"url": "https://www.suse.com//support/update/announcement/2017/suse-su-20170494-1.html"
}
]
}
CERTFR-2017-AVI-042
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
SUSE Linux Enterprise Real Time Extension 12-SP1
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eSUSE Linux Enterprise Real Time Extension 12-SP1\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-9794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9794"
},
{
"name": "CVE-2017-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2584"
},
{
"name": "CVE-2016-7914",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7914"
},
{
"name": "CVE-2016-7913",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7913"
},
{
"name": "CVE-2016-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9793"
},
{
"name": "CVE-2016-9756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9756"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2016-8399",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8399"
},
{
"name": "CVE-2016-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8633"
},
{
"name": "CVE-2015-8963",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8963"
},
{
"name": "CVE-2016-9083",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9083"
},
{
"name": "CVE-2016-9576",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9576"
},
{
"name": "CVE-2017-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2583"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
},
{
"name": "CVE-2016-9806",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9806"
},
{
"name": "CVE-2016-8655",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8655"
},
{
"name": "CVE-2016-8645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8645"
},
{
"name": "CVE-2015-8962",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
},
{
"name": "CVE-2017-5551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5551"
},
{
"name": "CVE-2015-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
},
{
"name": "CVE-2016-9084",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9084"
},
{
"name": "CVE-2016-8632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8632"
}
],
"initial_release_date": "2017-02-07T00:00:00",
"last_revision_date": "2017-02-07T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20170407-1 du 06 f\u00e9vrier 2017",
"url": "https://www.suse.com//support/update/announcement/2017/suse-su-20170407-1.html"
}
],
"reference": "CERTFR-2017-AVI-042",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-02-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20170407-1 du 06 f\u00e9vrier 2017",
"url": null
}
]
}
CERTFR-2017-AVI-131
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Real Time Extension 11-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-9794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9794"
},
{
"name": "CVE-2013-6368",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6368"
},
{
"name": "CVE-2016-7097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7097"
},
{
"name": "CVE-2016-7916",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7916"
},
{
"name": "CVE-2016-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9793"
},
{
"name": "CVE-2016-9756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9756"
},
{
"name": "CVE-2004-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-0230"
},
{
"name": "CVE-2015-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1350"
},
{
"name": "CVE-2016-5696",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5696"
},
{
"name": "CVE-2016-9685",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9685"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2016-8399",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8399"
},
{
"name": "CVE-2016-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8633"
},
{
"name": "CVE-2016-3841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3841"
},
{
"name": "CVE-2015-8956",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8956"
},
{
"name": "CVE-2012-6704",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
},
{
"name": "CVE-2016-9576",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9576"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
},
{
"name": "CVE-2016-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7042"
},
{
"name": "CVE-2016-8646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8646"
},
{
"name": "CVE-2016-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
},
{
"name": "CVE-2015-8962",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
},
{
"name": "CVE-2017-5551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5551"
},
{
"name": "CVE-2015-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
},
{
"name": "CVE-2016-8632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8632"
}
],
"initial_release_date": "2017-04-26T00:00:00",
"last_revision_date": "2017-04-26T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:1102-1 du 25 avril 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171102-1/"
}
],
"reference": "CERTFR-2017-AVI-131",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-04-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:1102-1 du 25 avril 2017",
"url": null
}
]
}
CERTFR-2017-AVI-050
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP1 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 12 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2584"
},
{
"name": "CVE-2016-7914",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7914"
},
{
"name": "CVE-2016-7913",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7913"
},
{
"name": "CVE-2016-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9793"
},
{
"name": "CVE-2016-9756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9756"
},
{
"name": "CVE-2016-8399",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8399"
},
{
"name": "CVE-2016-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8633"
},
{
"name": "CVE-2015-8963",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8963"
},
{
"name": "CVE-2016-9083",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9083"
},
{
"name": "CVE-2017-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2583"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
},
{
"name": "CVE-2016-9806",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9806"
},
{
"name": "CVE-2016-8645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8645"
},
{
"name": "CVE-2015-8962",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
},
{
"name": "CVE-2017-5551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5551"
},
{
"name": "CVE-2015-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
},
{
"name": "CVE-2016-9084",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9084"
}
],
"initial_release_date": "2017-02-15T00:00:00",
"last_revision_date": "2017-02-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0464-1 du 14 f\u00e9vrier 2017",
"url": "https://www.suse.com//support/update/announcement/2017/suse-su-20170464-1.html"
}
],
"reference": "CERTFR-2017-AVI-050",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0464-1 du 14 f\u00e9vrier 2017",
"url": null
}
]
}
CERTFR-2016-AVI-085
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Adobe. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | N/A | Adobe Reader XI versions antérieures à 11.0.15 pour Windows et Macintosh | ||
| Adobe | N/A | Adobe Digital Editions versions antérieures à 4.5.1 pour Windows, Macintosh, iOS et Android | ||
| Adobe | Acrobat DC | Adobe Acrobat DC versions antérieures à 15.010.20060 pour Windows et Macintosh | ||
| Adobe | Acrobat | Adobe Acrobat XI versions antérieures à 11.0.15 pour Windows et Macintosh | ||
| Adobe | Acrobat DC | Adobe Acrobat DC (Classic) versions antérieures à 15.06.30121 pour Windows et Macintosh | ||
| Adobe | Acrobat Reader DC | Adobe Acrobat Reader DC (Classic) versions antérieures à 15.06.30121 pour Windows et Macintosh | ||
| Adobe | Acrobat Reader DC | Adobe Acrobat Reader DC versions antérieures à 15.010.20060 pour Windows et Macintosh |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader XI versions ant\u00e9rieures \u00e0 11.0.15 pour Windows et Macintosh",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Digital Editions versions ant\u00e9rieures \u00e0 4.5.1 pour Windows, Macintosh, iOS et Android",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat DC versions ant\u00e9rieures \u00e0 15.010.20060 pour Windows et Macintosh",
"product": {
"name": "Acrobat DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat XI versions ant\u00e9rieures \u00e0 11.0.15 pour Windows et Macintosh",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat DC (Classic) versions ant\u00e9rieures \u00e0 15.06.30121 pour Windows et Macintosh",
"product": {
"name": "Acrobat DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat Reader DC (Classic) versions ant\u00e9rieures \u00e0 15.06.30121 pour Windows et Macintosh",
"product": {
"name": "Acrobat Reader DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Acrobat Reader DC versions ant\u00e9rieures \u00e0 15.010.20060 pour Windows et Macintosh",
"product": {
"name": "Acrobat Reader DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1009"
},
{
"name": "CVE-2016-0954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0954"
},
{
"name": "CVE-2016-1007",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1007"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
}
],
"initial_release_date": "2016-03-08T00:00:00",
"last_revision_date": "2016-03-08T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-085",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Adobe\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb16-06 du 08 mars 2016",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-06.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb16-09 du 08 mars 2016",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
}
]
}
CERTFR-2017-AVI-058
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 12.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 16.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-5549",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5549"
},
{
"name": "CVE-2017-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2584"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2583"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
},
{
"name": "CVE-2016-9588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9588"
},
{
"name": "CVE-2016-9191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9191"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
}
],
"initial_release_date": "2017-02-22T00:00:00",
"last_revision_date": "2017-02-22T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-058",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3207-1 du 21 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3207-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3208-1 du 22 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3208-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3207-2 du 21 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3207-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3208-2 du 22 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3208-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3209-1 du 22 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3209-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3206-1 du 21 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3206-1/"
}
]
}
CERTFR-2017-AVI-053
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server pour SAP 12 sans le dernier correctif de sécurité | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-LTSS sans le dernier correctif de sécurité | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Public Cloud 12 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server pour SAP 12 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-LTSS sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Public Cloud 12 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-7097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7097"
},
{
"name": "CVE-2016-5829",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5829"
},
{
"name": "CVE-2017-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2584"
},
{
"name": "CVE-2016-7914",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7914"
},
{
"name": "CVE-2016-4470",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4470"
},
{
"name": "CVE-2016-5828",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5828"
},
{
"name": "CVE-2016-7913",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7913"
},
{
"name": "CVE-2016-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9793"
},
{
"name": "CVE-2016-9756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9756"
},
{
"name": "CVE-2014-9904",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9904"
},
{
"name": "CVE-2016-5696",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5696"
},
{
"name": "CVE-2016-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7425"
},
{
"name": "CVE-2016-8399",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8399"
},
{
"name": "CVE-2016-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8633"
},
{
"name": "CVE-2015-8963",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8963"
},
{
"name": "CVE-2016-6130",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6130"
},
{
"name": "CVE-2015-8956",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8956"
},
{
"name": "CVE-2016-9083",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9083"
},
{
"name": "CVE-2017-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2583"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
},
{
"name": "CVE-2016-6480",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6480"
},
{
"name": "CVE-2016-9806",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9806"
},
{
"name": "CVE-2016-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7042"
},
{
"name": "CVE-2016-6327",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6327"
},
{
"name": "CVE-2016-4998",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4998"
},
{
"name": "CVE-2016-8645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8645"
},
{
"name": "CVE-2015-8962",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
},
{
"name": "CVE-2017-5551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5551"
},
{
"name": "CVE-2015-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
},
{
"name": "CVE-2016-8658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8658"
},
{
"name": "CVE-2016-9084",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9084"
},
{
"name": "CVE-2016-6828",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6828"
}
],
"initial_release_date": "2017-02-16T00:00:00",
"last_revision_date": "2017-02-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0471-1 du 15 f\u00e9vrier 2017",
"url": "https://www.suse.com//support/update/announcement/2017/suse-su-20170471-1.html"
}
],
"reference": "CERTFR-2017-AVI-053",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:0471-1 du 15 f\u00e9vrier 2017",
"url": null
}
]
}
fkie_cve-2016-1008
Vulnerability from fkie_nvd
Published
2016-03-09 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@adobe.com | http://www.securityfocus.com/bid/84216 | ||
| psirt@adobe.com | http://www.securitytracker.com/id/1035199 | ||
| psirt@adobe.com | http://www.zerodayinitiative.com/advisories/ZDI-16-190 | ||
| psirt@adobe.com | https://helpx.adobe.com/security/products/acrobat/apsb16-09.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/84216 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035199 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-16-190 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://helpx.adobe.com/security/products/acrobat/apsb16-09.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | acrobat | * | |
| adobe | acrobat_dc | * | |
| adobe | acrobat_dc | * | |
| adobe | acrobat_reader | * | |
| adobe | acrobat_reader_dc | * | |
| adobe | acrobat_reader_dc | 15.006.30119 | |
| apple | mac_os_x | * | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F640519-AC29-4AAD-9E5D-FAA2A42930A3",
"versionEndIncluding": "11.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
"matchCriteriaId": "14199FDB-C9BB-4695-BE8F-CF7F6A16C41A",
"versionEndIncluding": "15.006.30119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"matchCriteriaId": "D969AF0E-E641-41B8-98CE-9572B6BC59E9",
"versionEndIncluding": "15.010.20059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "929937F6-EFBC-4C9A-8241-4C25E98DF2EB",
"versionEndIncluding": "11.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"matchCriteriaId": "39A607EC-FB10-42C2-B8EF-95772AD6D3E0",
"versionEndIncluding": "15.010.20059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30119:*:*:*:classic:*:*:*",
"matchCriteriaId": "8C9D040E-7C2E-4CBA-AC27-3D5A8C49A098",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de b\u00fasqueda de ruta no confiable en Adobe Reader y Acrobat en versiones anteriores a 11.0.15, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 15.006.30121 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 15.010.20060 on Windows y OS X permiten a usarios locales obtener privilegios a trav\u00e9s de un Troyano DLL en un directorio no especificado."
}
],
"id": "CVE-2016-1008",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-09T11:59:38.390",
"references": [
{
"source": "psirt@adobe.com",
"url": "http://www.securityfocus.com/bid/84216"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securitytracker.com/id/1035199"
},
{
"source": "psirt@adobe.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-190"
},
{
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/84216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201603-0203
Vulnerability from variot
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. DLL You may get permission through. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must open a malicious file.The specific flaw exists within the handling of DLL search paths. In specific situations an attacker can force Acrobat Pro DC to load an arbitrary DLL from specific locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in several Adobe products due to the program not properly initializing gesture properties
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0203",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acrobat reader dc",
"scope": "eq",
"trust": 1.6,
"vendor": "adobe",
"version": "15.006.30119"
},
{
"model": "acrobat",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.0.14"
},
{
"model": "acrobat reader",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.0.14"
},
{
"model": "acrobat dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.010.20059"
},
{
"model": "acrobat dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.006.30119"
},
{
"model": "acrobat reader dc",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "15.010.20059"
},
{
"model": "acrobat",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "xi desktop 11.0.15 (windows/macintosh)"
},
{
"model": "acrobat dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "classic 15.006.30121 (windows/macintosh)"
},
{
"model": "acrobat dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous track 15.010.20060 (windows/macintosh)"
},
{
"model": "acrobat reader dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "classic 15.006.30121 (windows/macintosh)"
},
{
"model": "acrobat reader dc",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous track 15.010.20060 (windows/macintosh)"
},
{
"model": "reader",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "xi desktop 11.0.15 (windows/macintosh)"
},
{
"model": "acrobat pro dc",
"scope": null,
"trust": 0.7,
"vendor": "adobe",
"version": null
},
{
"model": "acrobat",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.0.14"
},
{
"model": "acrobat reader dc",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "15.010.20059"
},
{
"model": "acrobat dc",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "15.010.20059"
},
{
"model": "acrobat dc",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "15.006.30119"
},
{
"model": "acrobat reader",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "11.0.14"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-078"
},
{
"db": "NVD",
"id": "CVE-2016-1008"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:adobe:acrobat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:acrobat_dc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:acrobat_reader_dc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:adobe:acrobat_reader",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AbdulAziz Hariri and Jasiel Spelman of HP Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-078"
}
],
"trust": 1.3
},
"cve": "CVE-2016-1008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1008",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1008",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-88820",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2016-1008",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1008",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1008",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2016-1008",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-078",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-88820",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1008",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"db": "VULHUB",
"id": "VHN-88820"
},
{
"db": "VULMON",
"id": "CVE-2016-1008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-078"
},
{
"db": "NVD",
"id": "CVE-2016-1008"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. DLL You may get permission through. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must open a malicious file.The specific flaw exists within the handling of DLL search paths. In specific situations an attacker can force Acrobat Pro DC to load an arbitrary DLL from specific locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. A security vulnerability exists in several Adobe products due to the program not properly initializing gesture properties",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"db": "VULHUB",
"id": "VHN-88820"
},
{
"db": "VULMON",
"id": "CVE-2016-1008"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1008",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-16-190",
"trust": 1.8
},
{
"db": "BID",
"id": "84216",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1035199",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001699",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3111",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201603-078",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-88820",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1008",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"db": "VULHUB",
"id": "VHN-88820"
},
{
"db": "VULMON",
"id": "CVE-2016-1008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-078"
},
{
"db": "NVD",
"id": "CVE-2016-1008"
}
]
},
"id": "VAR-201603-0203",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-88820"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:27:02.661000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB16-09",
"trust": 1.5,
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
},
{
"title": "APSB16-09",
"trust": 0.8,
"url": "https://helpx.adobe.com/jp/security/products/acrobat/apsb16-09.html"
},
{
"title": "Multiple Adobe Fixes for product arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60438"
},
{
"title": null,
"trust": 0.1,
"url": "https://threatpost.com/adobe-patches-reader-and-acrobat-teases-upcoming-flash-update/116662/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"db": "VULMON",
"id": "CVE-2016-1008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-078"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88820"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"db": "NVD",
"id": "CVE-2016-1008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/84216"
},
{
"trust": 1.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-190"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035199"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1008"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1008"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"db": "VULHUB",
"id": "VHN-88820"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-078"
},
{
"db": "NVD",
"id": "CVE-2016-1008"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"db": "VULHUB",
"id": "VHN-88820"
},
{
"db": "VULMON",
"id": "CVE-2016-1008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-078"
},
{
"db": "NVD",
"id": "CVE-2016-1008"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-08T00:00:00",
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"date": "2016-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-88820"
},
{
"date": "2016-03-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1008"
},
{
"date": "2016-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"date": "2016-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-078"
},
{
"date": "2016-03-09T11:59:38.390000",
"db": "NVD",
"id": "CVE-2016-1008"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-08T00:00:00",
"db": "ZDI",
"id": "ZDI-16-190"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-88820"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1008"
},
{
"date": "2016-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001699"
},
{
"date": "2016-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-078"
},
{
"date": "2024-11-21T02:45:34.943000",
"db": "NVD",
"id": "CVE-2016-1008"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-078"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001699"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-078"
}
],
"trust": 0.6
}
}
ghsa-pph4-2379-r5vx
Vulnerability from github
Published
2022-05-17 03:32
Modified
2022-05-17 03:32
Severity ?
VLAI Severity ?
Details
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
{
"affected": [],
"aliases": [
"CVE-2016-1008"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-03-09T11:59:00Z",
"severity": "HIGH"
},
"details": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",
"id": "GHSA-pph4-2379-r5vx",
"modified": "2022-05-17T03:32:13Z",
"published": "2022-05-17T03:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1008"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/84216"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035199"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-190"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
cnvd-2016-01539
Vulnerability from cnvd
Title
多款Adobe产品任意代码执行漏洞(CNVD-2016-01539)
Description
Adobe Acrobat DC等都是美国奥多比(Adobe)公司的产品。Acrobat DC是一套桌面版PDF解决方案;Acrobat Reader DC是一套用于查看、打印和批注PDF的工具。Classic和Continuous是Acrobat DC和Acrobat Reader DC产品下载中心所提供的两种更新机制。
多款Adobe产品存在安全漏洞。由于程序未能正确初始化手势属性。远程攻击者利用该漏洞执行任意代码。
Severity
高
VLAI Severity ?
Patch Name
多款Adobe产品任意代码执行漏洞(CNVD-2016-01539)的补丁
Patch Description
Adobe Acrobat DC等都是美国奥多比(Adobe)公司的产品。Acrobat DC是一套桌面版PDF解决方案;Acrobat Reader DC是一套用于查看、打印和批注PDF的工具。Classic和Continuous是Acrobat DC和Acrobat Reader DC产品下载中心所提供的两种更新机制。
多款Adobe产品存在安全漏洞。由于程序未能正确初始化手势属性。远程攻击者利用该漏洞执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://helpx.adobe.com/security/products/acrobat/apsb16-09.html
Reference
https://helpx.adobe.com/security/products/acrobat/apsb16-09.html
http://www.zerodayinitiative.com/advisories/ZDI-16-190
Impacted products
| Name | ['Adobe Reader and Acrobat < 11.0.15', 'Adobe Acrobat/Acrobat Reader DC Classic < 15.006.30121', 'Adobe Acrobat/Acrobat Reader DC Continuous(on Windows/OS X) < 15.010.20060'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-1008"
}
},
"description": "Adobe Acrobat DC\u7b49\u90fd\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Acrobat DC\u662f\u4e00\u5957\u684c\u9762\u7248PDF\u89e3\u51b3\u65b9\u6848\uff1bAcrobat Reader DC\u662f\u4e00\u5957\u7528\u4e8e\u67e5\u770b\u3001\u6253\u5370\u548c\u6279\u6ce8PDF\u7684\u5de5\u5177\u3002Classic\u548cContinuous\u662fAcrobat DC\u548cAcrobat Reader DC\u4ea7\u54c1\u4e0b\u8f7d\u4e2d\u5fc3\u6240\u63d0\u4f9b\u7684\u4e24\u79cd\u66f4\u65b0\u673a\u5236\u3002\r\n\r\n\u591a\u6b3eAdobe\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u521d\u59cb\u5316\u624b\u52bf\u5c5e\u6027\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "AbdulAziz Hariri and Jasiel Spelman of HPE\u0027s Zero Day Initiative",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://helpx.adobe.com/security/products/acrobat/apsb16-09.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-01539",
"openTime": "2016-03-10",
"patchDescription": "Adobe Acrobat DC\u7b49\u90fd\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Acrobat DC\u662f\u4e00\u5957\u684c\u9762\u7248PDF\u89e3\u51b3\u65b9\u6848\uff1bAcrobat Reader DC\u662f\u4e00\u5957\u7528\u4e8e\u67e5\u770b\u3001\u6253\u5370\u548c\u6279\u6ce8PDF\u7684\u5de5\u5177\u3002Classic\u548cContinuous\u662fAcrobat DC\u548cAcrobat Reader DC\u4ea7\u54c1\u4e0b\u8f7d\u4e2d\u5fc3\u6240\u63d0\u4f9b\u7684\u4e24\u79cd\u66f4\u65b0\u673a\u5236\u3002\r\n\r\n\u591a\u6b3eAdobe\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u521d\u59cb\u5316\u624b\u52bf\u5c5e\u6027\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eAdobe\u4ea7\u54c1\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2016-01539\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Adobe Reader and Acrobat \u003c 11.0.15",
"Adobe Acrobat/Acrobat Reader DC Classic \u003c 15.006.30121",
"Adobe Acrobat/Acrobat Reader DC Continuous(on Windows/OS X) \u003c 15.010.20060"
]
},
"referenceLink": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-16-190",
"serverity": "\u9ad8",
"submitTime": "2016-03-09",
"title": "\u591a\u6b3eAdobe\u4ea7\u54c1\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2016-01539\uff09"
}
gsd-2016-1008
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-1008",
"description": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",
"id": "GSD-2016-1008",
"references": [
"https://www.suse.com/security/cve/CVE-2016-1008.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1008"
],
"details": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",
"id": "GSD-2016-1008",
"modified": "2023-12-13T01:21:24.880019Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84216"
},
{
"name": "1035199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035199"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-190",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-190"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.0.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:15.006.30119:*:*:*:classic:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.010.20059",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.010.20059",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.006.30119",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.0.14",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1008"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-09.html"
},
{
"name": "84216",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/84216"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-190",
"refsource": "MISC",
"tags": [],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-190"
},
{
"name": "1035199",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1035199"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
},
"lastModifiedDate": "2016-12-03T03:19Z",
"publishedDate": "2016-03-09T11:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…