Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2016-AVI-044
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Ubuntu | Ubuntu | OpenJDK 6 pour Ubuntu 12.04 LTS | ||
Ubuntu | Ubuntu | Ubuntu 15.10 pour Raspberry Pi 2 | ||
Ubuntu | Ubuntu | Ubuntu 15.10 | ||
Ubuntu | Ubuntu | Ubuntu 12.04 LTS | ||
Ubuntu | Ubuntu | Ubuntu 14.04 LTS | ||
Ubuntu | Ubuntu | Ubuntu 15.04 | ||
Ubuntu | Ubuntu | OpenJDK 7 pour Ubuntu 14.04 LTS, Ubuntu 15.04 et Ubuntu 15.10 |
References
Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "OpenJDK 6 pour Ubuntu 12.04 LTS", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } }, { "description": "Ubuntu 15.10 pour Raspberry Pi 2", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } }, { "description": "Ubuntu 15.10", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } }, { "description": "Ubuntu 12.04 LTS", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } }, { "description": "Ubuntu 14.04 LTS", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } }, { "description": "Ubuntu 15.04", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } }, { "description": "OpenJDK 7 pour Ubuntu 14.04 LTS, Ubuntu 15.04 et Ubuntu 15.10", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2016-0494", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0494" }, { "name": "CVE-2016-0448", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0448" }, { "name": "CVE-2015-8569", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8569" }, { "name": "CVE-2015-8785", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8785" }, { "name": "CVE-2016-0483", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0483" }, { "name": "CVE-2015-8575", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8575" }, { "name": "CVE-2015-8550", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8550" }, { "name": "CVE-2015-7990", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7990" }, { "name": "CVE-2015-7513", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7513" }, { "name": "CVE-2015-7550", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7550" }, { "name": "CVE-2013-7446", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7446" }, { "name": "CVE-2015-7799", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7799" }, { "name": "CVE-2016-0402", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0402" }, { "name": "CVE-2015-8543", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8543" }, { "name": "CVE-2015-7575", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7575" }, { "name": "CVE-2015-8374", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8374" }, { "name": "CVE-2015-8787", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8787" }, { "name": "CVE-2016-0466", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0466" } ], "initial_release_date": "2016-02-02T00:00:00", "last_revision_date": "2016-02-02T00:00:00", "links": [], "reference": "CERTFR-2016-AVI-044", "revisions": [ { "description": "version initiale.", "revision_date": "2016-02-02T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "D\u00e9ni de service" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2885-1 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2885-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2890-1 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2890-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2887-2 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2887-2/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2889-2 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2889-2/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2884-1 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2884-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2886-1 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2886-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2888-1 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2888-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2890-2 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2890-2/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2890-3 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2890-3/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2887-1 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2887-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2889-1 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2889-1/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2886-2 du 01 f\u00e9vrier 2016", "url": "http://www.ubuntu.com/usn/usn-2886-2/" } ] }
CVE-2015-8550 (GCVE-0-2015-8550)
Vulnerability from cvelistv5
Published
2016-04-14 14:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
References
URL | Tags | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-3519", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3519" }, { "name": "79592", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79592" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-155.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "1034479", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034479" }, { "name": "GLSA-201604-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "DSA-3471", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3471" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-3519", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3519" }, { "name": "79592", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79592" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xenbits.xen.org/xsa/advisory-155.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "1034479", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034479" }, { "name": "GLSA-201604-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "DSA-3471", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3471" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-3519", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3519" }, { "name": "79592", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79592" }, { "name": "http://xenbits.xen.org/xsa/advisory-155.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-155.html" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "1034479", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034479" }, { "name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "DSA-3471", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3471" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8550", "datePublished": "2016-04-14T14:00:00", "dateReserved": "2015-12-14T00:00:00", "dateUpdated": "2024-08-06T08:20:43.458Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7550 (GCVE-0-2015-7550)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 07:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:28.463Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "79903", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "USN-2911-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2911-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291197" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b4a1b4f5047e4f54e194681125c74c0aa64d637d" }, { "name": "USN-2911-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2911-2" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-7550" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b4a1b4f5047e4f54e194681125c74c0aa64d637d" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "79903", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "USN-2911-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2911-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291197" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/b4a1b4f5047e4f54e194681125c74c0aa64d637d" }, { "name": "USN-2911-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2911-2" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-7550" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b4a1b4f5047e4f54e194681125c74c0aa64d637d" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7550", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0402 (GCVE-0-2016-0402)
Vulnerability from cvelistv5
Published
2016-01-21 02:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:15:24.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "81096", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/81096" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "81096", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/81096" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-0402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "81096", "refsource": "BID", "url": "http://www.securityfocus.com/bid/81096" }, { "name": "1034715", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3465" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-0402", "datePublished": "2016-01-21T02:00:00", "dateReserved": "2015-12-09T00:00:00", "dateUpdated": "2024-08-05T22:15:24.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0466 (GCVE-0-2016-0466)
Vulnerability from cvelistv5
Published
2016-01-21 02:00
Modified
2024-08-05 22:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:22:54.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "81118", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/81118" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "81118", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/81118" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-0466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "81118", "refsource": "BID", "url": "http://www.securityfocus.com/bid/81118" }, { "name": "GLSA-201610-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3465" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10148" }, { "name": "RHSA-2016:0053", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-0466", "datePublished": "2016-01-21T02:00:00", "dateReserved": "2015-12-09T00:00:00", "dateUpdated": "2024-08-05T22:22:54.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7799 (GCVE-0-2015-7799)
Vulnerability from cvelistv5
Published
2015-10-19 10:00
Modified
2024-08-06 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:59:00.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2015:2292", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" }, { "name": "USN-2841-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2841-2" }, { "name": "77033", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77033" }, { "name": "SUSE-SU-2015:2350", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" }, { "name": "1033809", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033809" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://code.google.com/p/android/issues/detail?id=187973" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2843-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2843-1" }, { "name": "SUSE-SU-2015:2194", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" }, { "name": "USN-2844-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2844-1" }, { "name": "openSUSE-SU-2015:2232", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html" }, { "name": "USN-2842-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2842-2" }, { "name": "USN-2843-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2843-2" }, { "name": "SUSE-SU-2015:2339", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" }, { "name": "USN-2842-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2842-1" }, { "name": "[oss-security] 20151010 Re: CVE request - Android OS - Using the PPP character device driver caused the system to restart - Linux kernel", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/10/3" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271134" }, { "name": "USN-2841-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2841-1" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "USN-2843-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2843-3" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-23T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SU-2015:2292", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" }, { "name": "USN-2841-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2841-2" }, { "name": "77033", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77033" }, { "name": "SUSE-SU-2015:2350", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" }, { "name": "1033809", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033809" }, { "tags": [ "x_refsource_MISC" ], "url": "https://code.google.com/p/android/issues/detail?id=187973" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2843-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2843-1" }, { "name": "SUSE-SU-2015:2194", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" }, { "name": "USN-2844-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2844-1" }, { "name": "openSUSE-SU-2015:2232", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html" }, { "name": "USN-2842-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2842-2" }, { "name": "USN-2843-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2843-2" }, { "name": "SUSE-SU-2015:2339", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" }, { "name": "USN-2842-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2842-1" }, { "name": "[oss-security] 20151010 Re: CVE request - Android OS - Using the PPP character device driver caused the system to restart - Linux kernel", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/10/3" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271134" }, { "name": "USN-2841-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2841-1" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "USN-2843-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2843-3" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7799", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2015:2292", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" }, { "name": "USN-2841-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2841-2" }, { "name": "77033", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77033" }, { "name": "SUSE-SU-2015:2350", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" }, { "name": "1033809", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033809" }, { "name": "https://code.google.com/p/android/issues/detail?id=187973", "refsource": "MISC", "url": "https://code.google.com/p/android/issues/detail?id=187973" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2843-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2843-1" }, { "name": "SUSE-SU-2015:2194", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" }, { "name": "USN-2844-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2844-1" }, { "name": "openSUSE-SU-2015:2232", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html" }, { "name": "USN-2842-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2842-2" }, { "name": "USN-2843-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2843-2" }, { "name": "SUSE-SU-2015:2339", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" }, { "name": "USN-2842-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2842-1" }, { "name": "[oss-security] 20151010 Re: CVE request - Android OS - Using the PPP character device driver caused the system to restart - Linux kernel", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/10/3" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1271134", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271134" }, { "name": "USN-2841-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2841-1" }, { "name": "DSA-3426", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "USN-2843-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2843-3" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7799", "datePublished": "2015-10-19T10:00:00", "dateReserved": "2015-10-09T00:00:00", "dateUpdated": "2024-08-06T07:59:00.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0494 (GCVE-0-2016-0494)
Vulnerability from cvelistv5
Published
2016-01-21 02:00
Modified
2024-08-05 22:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:22:55.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-0494", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3465" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-0494", "datePublished": "2016-01-21T02:00:00", "dateReserved": "2015-12-09T00:00:00", "dateUpdated": "2024-08-05T22:22:55.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7575 (GCVE-0-2015-7575)
Vulnerability from cvelistv5
Published
2016-01-09 02:00
Modified
2024-08-06 07:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:28.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3688", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3688" }, { "name": "DSA-3457", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3457" }, { "name": "DSA-3491", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3491" }, { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1036467", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036467" }, { "name": "GLSA-201701-46", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-46" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "openSUSE-SU-2016:0161", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "79684", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79684" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1158489" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "openSUSE-SU-2016:0308", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html" }, { "name": "DSA-3437", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3437" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "USN-2904-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2904-1" }, { "name": "openSUSE-SU-2015:2405", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20160225-0001/" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "DSA-3436", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3436" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "USN-2866-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2866-1" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "name": "91787", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91787" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-150.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "GLSA-201801-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201801-15" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "openSUSE-SU-2016:0488", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html" }, { "name": "GLSA-201706-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201706-18" }, { "name": "USN-2864-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2864-1" }, { "name": "openSUSE-SU-2016:0162", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html" }, { "name": "openSUSE-SU-2016:0605", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "openSUSE-SU-2016:0307", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "name": "USN-2865-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2865-1" }, { "name": "1034541", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034541" }, { "name": "openSUSE-SU-2016:0007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html" }, { "name": "USN-2863-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2863-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-15T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-3688", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3688" }, { "name": "DSA-3457", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3457" }, { "name": "DSA-3491", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3491" }, { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1036467", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036467" }, { "name": "GLSA-201701-46", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-46" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "openSUSE-SU-2016:0161", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "79684", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79684" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1158489" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "openSUSE-SU-2016:0308", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html" }, { "name": "DSA-3437", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3437" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "USN-2904-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2904-1" }, { "name": "openSUSE-SU-2015:2405", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20160225-0001/" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "DSA-3436", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3436" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "USN-2866-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2866-1" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "name": "91787", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91787" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-150.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "GLSA-201801-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201801-15" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "openSUSE-SU-2016:0488", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html" }, { "name": "GLSA-201706-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201706-18" }, { "name": "USN-2864-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2864-1" }, { "name": "openSUSE-SU-2016:0162", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html" }, { "name": "openSUSE-SU-2016:0605", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "openSUSE-SU-2016:0307", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "name": "USN-2865-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2865-1" }, { "name": "1034541", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034541" }, { "name": "openSUSE-SU-2016:0007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html" }, { "name": "USN-2863-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2863-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7575", "datePublished": "2016-01-09T02:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8787 (GCVE-0-2015-8787)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:22.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20160127 CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/27/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/94f9cd81436c85d8c3a318ba92e236ede73752fc" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300731" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f9cd81436c85d8c3a318ba92e236ede73752fc" }, { "name": "FEDORA-2016-2f25d12c51", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "[oss-security] 20160127 CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/27/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/94f9cd81436c85d8c3a318ba92e236ede73752fc" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300731" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f9cd81436c85d8c3a318ba92e236ede73752fc" }, { "name": "FEDORA-2016-2f25d12c51", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-8787", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20160127 CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/27/6" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "https://github.com/torvalds/linux/commit/94f9cd81436c85d8c3a318ba92e236ede73752fc", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/94f9cd81436c85d8c3a318ba92e236ede73752fc" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "USN-2889-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "USN-2889-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "FEDORA-2016-5d43766e33", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300731", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300731" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f9cd81436c85d8c3a318ba92e236ede73752fc", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f9cd81436c85d8c3a318ba92e236ede73752fc" }, { "name": "FEDORA-2016-2f25d12c51", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8787", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2016-01-27T00:00:00", "dateUpdated": "2024-08-06T08:29:22.037Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-7446 (GCVE-0-2013-7446)
Vulnerability from cvelistv5
Published
2015-12-28 11:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:16.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2016:0750", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8" }, { "name": "1034557", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034557" }, { "name": "SUSE-SU-2016:2010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" }, { "name": "SUSE-SU-2016:2011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" }, { "name": "SUSE-SU-2016:2003", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" }, { "name": "SUSE-SU-2016:0751", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" }, { "name": "SUSE-SU-2016:0747", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" }, { "name": "SUSE-SU-2016:0755", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" }, { "name": "SUSE-SU-2016:1994", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150" }, { "name": "SUSE-SU-2016:0757", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" }, { "name": "SUSE-SU-2016:1961", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" }, { "name": "SUSE-SU-2016:2001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" }, { "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.spinics.net/lists/netdev/msg318826.html" }, { "name": "SUSE-SU-2016:0753", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:2006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:2014", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" }, { "name": "openSUSE-SU-2016:1641", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "SUSE-SU-2016:0746", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" }, { "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2015/9/13/195" }, { "name": "SUSE-SU-2016:0749", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "77638", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77638" }, { "name": "SUSE-SU-2016:2009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" }, { "name": "SUSE-SU-2016:2005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" }, { "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2014/5/15/532" }, { "name": "SUSE-SU-2016:2007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" }, { "name": "SUSE-SU-2016:2000", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" }, { "name": "SUSE-SU-2016:0745", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "SUSE-SU-2016:1995", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" }, { "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" }, { "name": "SUSE-SU-2016:2002", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" }, { "name": "[linux-kernel] 20131014 Re: epoll oops.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2013/10/14/424" }, { "name": "SUSE-SU-2016:0756", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0754", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" }, { "name": "SUSE-SU-2016:0752", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SU-2016:0750", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8" }, { "name": "1034557", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034557" }, { "name": "SUSE-SU-2016:2010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" }, { "name": "SUSE-SU-2016:2011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" }, { "name": "SUSE-SU-2016:2003", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" }, { "name": "SUSE-SU-2016:0751", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" }, { "name": "SUSE-SU-2016:0747", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" }, { "name": "SUSE-SU-2016:0755", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" }, { "name": "SUSE-SU-2016:1994", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150" }, { "name": "SUSE-SU-2016:0757", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" }, { "name": "SUSE-SU-2016:1961", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" }, { "name": "SUSE-SU-2016:2001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" }, { "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.spinics.net/lists/netdev/msg318826.html" }, { "name": "SUSE-SU-2016:0753", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:2006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:2014", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" }, { "name": "openSUSE-SU-2016:1641", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "SUSE-SU-2016:0746", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" }, { "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2015/9/13/195" }, { "name": "SUSE-SU-2016:0749", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "77638", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77638" }, { "name": "SUSE-SU-2016:2009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" }, { "name": "SUSE-SU-2016:2005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" }, { "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2014/5/15/532" }, { "name": "SUSE-SU-2016:2007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" }, { "name": "SUSE-SU-2016:2000", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" }, { "name": "SUSE-SU-2016:0745", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "SUSE-SU-2016:1995", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" }, { "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" }, { "name": "SUSE-SU-2016:2002", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" }, { "name": "[linux-kernel] 20131014 Re: epoll oops.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2013/10/14/424" }, { "name": "SUSE-SU-2016:0756", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0754", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" }, { "name": "SUSE-SU-2016:0752", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2016:0750", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" }, { "name": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8" }, { "name": "1034557", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034557" }, { "name": "SUSE-SU-2016:2010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" }, { "name": "SUSE-SU-2016:2011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" }, { "name": "SUSE-SU-2016:2003", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" }, { "name": "SUSE-SU-2016:0751", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" }, { "name": "SUSE-SU-2016:0747", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" }, { "name": "SUSE-SU-2016:0755", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" }, { "name": "SUSE-SU-2016:1994", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" }, { "name": "USN-2887-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "name": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150", "refsource": "MISC", "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150" }, { "name": "SUSE-SU-2016:0757", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" }, { "name": "SUSE-SU-2016:1961", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" }, { "name": "SUSE-SU-2016:2001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" }, { "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers", "refsource": "MLIST", "url": "http://www.spinics.net/lists/netdev/msg318826.html" }, { "name": "SUSE-SU-2016:0753", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:2006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2889-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:2014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" }, { "name": "openSUSE-SU-2016:1641", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" }, { "name": "USN-2889-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "SUSE-SU-2016:0746", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" }, { "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", "refsource": "MLIST", "url": "https://lkml.org/lkml/2015/9/13/195" }, { "name": "SUSE-SU-2016:0749", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "77638", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77638" }, { "name": "SUSE-SU-2016:2009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" }, { "name": "SUSE-SU-2016:2005", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" }, { "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", "refsource": "MLIST", "url": "https://lkml.org/lkml/2014/5/15/532" }, { "name": "SUSE-SU-2016:2007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" }, { "name": "SUSE-SU-2016:2000", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" }, { "name": "SUSE-SU-2016:0745", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" }, { "name": "DSA-3426", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "SUSE-SU-2016:1995", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" }, { "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" }, { "name": "SUSE-SU-2016:2002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" }, { "name": "[linux-kernel] 20131014 Re: epoll oops.", "refsource": "MLIST", "url": "https://lkml.org/lkml/2013/10/14/424" }, { "name": "SUSE-SU-2016:0756", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" }, { "name": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0754", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" }, { "name": "SUSE-SU-2016:0752", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7446", "datePublished": "2015-12-28T11:00:00", "dateReserved": "2015-11-18T00:00:00", "dateUpdated": "2024-08-06T18:09:16.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8569 (GCVE-0-2015-8569)
Vulnerability from cvelistv5
Published
2015-12-28 11:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20151215 Re: CVE Request: Linux Kernel: information leak from getsockname", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/15/11" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "79428", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79428" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://twitter.com/grsecurity/statuses/676744240802750464" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[linux-kernel] 20151214 Information leak in pptp_bind", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2015/12/14/252" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "name": "1034549", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034549" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-06T16:16:06", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus" }, "references": [ { "name": "[oss-security] 20151215 Re: CVE Request: Linux Kernel: information leak from getsockname", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/15/11" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "79428", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79428" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://twitter.com/grsecurity/statuses/676744240802750464" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[linux-kernel] 20151214 Information leak in pptp_bind", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2015/12/14/252" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "name": "1034549", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034549" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@microfocus.com", "ID": "CVE-2015-8569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20151215 Re: CVE Request: Linux Kernel: information leak from getsockname", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/15/11" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "79428", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79428" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "name": "http://twitter.com/grsecurity/statuses/676744240802750464", "refsource": "MISC", "url": "http://twitter.com/grsecurity/statuses/676744240802750464" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[linux-kernel] 20151214 Information leak in pptp_bind", "refsource": "MLIST", "url": "https://lkml.org/lkml/2015/12/14/252" }, { "name": "FEDORA-2016-5d43766e33", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "name": "1034549", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034549" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2015-8569", "datePublished": "2015-12-28T11:00:00", "dateReserved": "2015-12-15T00:00:00", "dateUpdated": "2024-08-06T08:20:43.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8575 (GCVE-0-2015-8575)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292840" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "[oss-security] 20151216 Re: CVE Request: Linux Kernel: information leak from getsockname", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/16/3" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "79724", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79724" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-06T16:16:03", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292840" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "[oss-security] 20151216 Re: CVE Request: Linux Kernel: information leak from getsockname", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/16/3" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "79724", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79724" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@microfocus.com", "ID": "CVE-2015-8575", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1292840", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292840" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "[oss-security] 20151216 Re: CVE Request: Linux Kernel: information leak from getsockname", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/16/3" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "https://github.com/torvalds/linux/commit/5233252fce714053f0151680933571a2da9cbfb4", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "79724", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79724" }, { "name": "FEDORA-2016-5d43766e33", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2015-8575", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-06T08:20:43.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0448 (GCVE-0-2016-0448)
Vulnerability from cvelistv5
Published
2016-01-21 02:00
Modified
2024-08-05 22:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:22:54.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "81123", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/81123" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "81123", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/81123" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-0448", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3465" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "81123", "refsource": "BID", "url": "http://www.securityfocus.com/bid/81123" }, { "name": "RHSA-2016:0049", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-0448", "datePublished": "2016-01-21T02:00:00", "dateReserved": "2015-12-09T00:00:00", "dateUpdated": "2024-08-05T22:22:54.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7990 (GCVE-0-2015-7990)
Vulnerability from cvelistv5
Published
2015-12-28 11:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:06:31.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2015:2292", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" }, { "name": "SUSE-SU-2016:0337", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html" }, { "name": "SUSE-SU-2015:2350", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276437" }, { "name": "SUSE-SU-2016:0434", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "name": "[linux-kernel] 20151016 [PATCH] RDS: fix race condition when sending a message on unbound socket.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2015/10/16/530" }, { "name": "1034453", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034453" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=952384" }, { "name": "SUSE-SU-2015:2194", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "openSUSE-SU-2015:2232", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html" }, { "name": "SUSE-SU-2016:0380", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c7188b23474cca017b3ef354c4a58456f68303a" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:0354", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html" }, { "name": "SUSE-SU-2016:0335", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html" }, { "name": "SUSE-SU-2015:2339", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" }, { "name": "SUSE-SU-2015:2108", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "[oss-security] 20151027 Re: CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/27/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "SUSE-SU-2016:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html" }, { "name": "SUSE-SU-2016:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "77340", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77340" }, { "name": "SUSE-SU-2016:0384", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html" }, { "name": "DSA-3396", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3396" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/8c7188b23474cca017b3ef354c4a58456f68303a" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0387", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html" }, { "name": "SUSE-SU-2016:0381", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SU-2015:2292", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" }, { "name": "SUSE-SU-2016:0337", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html" }, { "name": "SUSE-SU-2015:2350", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276437" }, { "name": "SUSE-SU-2016:0434", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "name": "[linux-kernel] 20151016 [PATCH] RDS: fix race condition when sending a message on unbound socket.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2015/10/16/530" }, { "name": "1034453", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034453" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=952384" }, { "name": "SUSE-SU-2015:2194", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "openSUSE-SU-2015:2232", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html" }, { "name": "SUSE-SU-2016:0380", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c7188b23474cca017b3ef354c4a58456f68303a" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:0354", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html" }, { "name": "SUSE-SU-2016:0335", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html" }, { "name": "SUSE-SU-2015:2339", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" }, { "name": "SUSE-SU-2015:2108", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "[oss-security] 20151027 Re: CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/27/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "SUSE-SU-2016:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html" }, { "name": "SUSE-SU-2016:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "77340", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77340" }, { "name": "SUSE-SU-2016:0384", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html" }, { "name": "DSA-3396", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3396" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/8c7188b23474cca017b3ef354c4a58456f68303a" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0387", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html" }, { "name": "SUSE-SU-2016:0381", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2015:2292", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html" }, { "name": "SUSE-SU-2016:0337", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html" }, { "name": "SUSE-SU-2015:2350", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1276437", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276437" }, { "name": "SUSE-SU-2016:0434", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html" }, { "name": "USN-2887-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "name": "[linux-kernel] 20151016 [PATCH] RDS: fix race condition when sending a message on unbound socket.", "refsource": "MLIST", "url": "https://lkml.org/lkml/2015/10/16/530" }, { "name": "1034453", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034453" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=952384", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=952384" }, { "name": "SUSE-SU-2015:2194", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "openSUSE-SU-2015:2232", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html" }, { "name": "SUSE-SU-2016:0380", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c7188b23474cca017b3ef354c4a58456f68303a", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c7188b23474cca017b3ef354c4a58456f68303a" }, { "name": "USN-2889-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:0354", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html" }, { "name": "SUSE-SU-2016:0335", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html" }, { "name": "SUSE-SU-2015:2339", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html" }, { "name": "SUSE-SU-2015:2108", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html" }, { "name": "USN-2889-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "[oss-security] 20151027 Re: CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/27/5" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "SUSE-SU-2016:0383", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html" }, { "name": "SUSE-SU-2016:0386", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "77340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77340" }, { "name": "SUSE-SU-2016:0384", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html" }, { "name": "DSA-3396", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3396" }, { "name": "https://github.com/torvalds/linux/commit/8c7188b23474cca017b3ef354c4a58456f68303a", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/8c7188b23474cca017b3ef354c4a58456f68303a" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0387", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html" }, { "name": "SUSE-SU-2016:0381", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7990", "datePublished": "2015-12-28T11:00:00", "dateReserved": "2015-10-28T00:00:00", "dateUpdated": "2024-08-06T08:06:31.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8785 (GCVE-0-2015-8785)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:21.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "81688", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/81688" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "[oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "81688", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/81688" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "[oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-8785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642" }, { "name": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "81688", "refsource": "BID", "url": "http://www.securityfocus.com/bid/81688" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "[oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/24/1" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8785", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2016-01-24T00:00:00", "dateUpdated": "2024-08-06T08:29:21.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8543 (GCVE-0-2015-8543)
Vulnerability from cvelistv5
Published
2015-12-28 11:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2016:0855", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html" }, { "name": "1034892", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034892" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "79698", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79698" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "[oss-security] 20151209 Re: CVE request - Android kernel - IPv6 connect cause a denial of service", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/09/5" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2016:0855", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html" }, { "name": "1034892", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034892" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "79698", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79698" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "[oss-security] 20151209 Re: CVE request - Android kernel - IPv6 connect cause a denial of service", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/09/5" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2016:0855", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html" }, { "name": "1034892", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034892" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "79698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79698" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9" }, { "name": "DSA-3426", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "[oss-security] 20151209 Re: CVE request - Android kernel - IPv6 connect cause a denial of service", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/09/5" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8543", "datePublished": "2015-12-28T11:00:00", "dateReserved": "2015-12-11T00:00:00", "dateUpdated": "2024-08-06T08:20:43.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7513 (GCVE-0-2015-7513)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 07:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:28.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20160107 CVE-2015-7513 Kernel: kvm: divide by zero issue leads to DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/07/2" }, { "name": "FEDORA-2016-26e19f042a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0185604c2d82c560dab2f2933a18f797e74ab5a8" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "FEDORA-2016-b59fd603be", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "79901", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79901" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284847" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "1034602", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034602" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20160107 CVE-2015-7513 Kernel: kvm: divide by zero issue leads to DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/07/2" }, { "name": "FEDORA-2016-26e19f042a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/0185604c2d82c560dab2f2933a18f797e74ab5a8" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "FEDORA-2016-b59fd603be", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "79901", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79901" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284847" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "1034602", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034602" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7513", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0483 (GCVE-0-2016-0483)
Vulnerability from cvelistv5
Published
2016-01-21 02:00
Modified
2024-08-05 22:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:22:54.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-032" }, { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-032" }, { "name": "openSUSE-SU-2016:0272", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3465" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-0483", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-032", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-032" }, { "name": "openSUSE-SU-2016:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "name": "1034715", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034715" }, { "name": "openSUSE-SU-2016:0279", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "name": "GLSA-201610-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-08" }, { "name": "USN-2884-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2884-1" }, { "name": "DSA-3465", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3465" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "USN-2885-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2885-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "RHSA-2016:1430", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "name": "RHSA-2016:0049", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" }, { "name": "openSUSE-SU-2016:0270", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "name": "RHSA-2016:0053", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" }, { "name": "SUSE-SU-2016:0269", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "name": "RHSA-2016:0067", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" }, { "name": "openSUSE-SU-2016:0263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "name": "SUSE-SU-2016:0256", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "name": "GLSA-201603-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-14" }, { "name": "RHSA-2016:0057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "name": "RHSA-2016:0055", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "name": "RHSA-2016:0054", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" }, { "name": "RHSA-2016:0056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "name": "openSUSE-SU-2016:0268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "name": "RHSA-2016:0050", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" }, { "name": "DSA-3458", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3458" }, { "name": "SUSE-SU-2016:0265", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-0483", "datePublished": "2016-01-21T02:00:00", "dateReserved": "2015-12-09T00:00:00", "dateUpdated": "2024-08-05T22:22:54.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8374 (GCVE-0-2015-8374)
Vulnerability from cvelistv5
Published
2015-12-28 11:00
Modified
2024-08-06 08:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:13:32.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034895", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034895" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "name": "[oss-security] 20151127 CVE request: Linux kernel, information disclosure after file truncate on BTRFS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/27/2" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286261" }, { "name": "78219", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/78219" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-16T00:00:00", "descriptions": [ { "lang": "en", "value": "fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1034895", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034895" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "name": "[oss-security] 20151127 CVE request: Linux kernel, information disclosure after file truncate on BTRFS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/27/2" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286261" }, { "name": "78219", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/78219" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8374", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034895", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034895" }, { "name": "https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7" }, { "name": "USN-2887-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "name": "[oss-security] 20151127 CVE request: Linux kernel, information disclosure after file truncate on BTRFS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/27/2" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "USN-2889-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "USN-2889-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1286261", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286261" }, { "name": "78219", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78219" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "DSA-3426", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8374", "datePublished": "2015-12-28T11:00:00", "dateReserved": "2015-11-27T00:00:00", "dateUpdated": "2024-08-06T08:13:32.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…