certfr_avis - certfr-2017-avi-111

Vendor	Product	Description
N/A	N/A	Juniper EX Series avec IPv6
Juniper Networks	Junos OS	Junos OS versions 15.1 et postérieures avec BGP
Juniper Networks	N/A	NorthStar Controller Application antérieures à la version 2.1.0 SP1
Juniper Networks	Junos OS	Junos OS
Juniper Networks	N/A	Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif

CVE-2017-2316 (GCVE-0-2017-2316)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

buffer overflow vulnerability leading to a denial of service

Summary

A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97601	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97601",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97601"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "buffer overflow vulnerability leading to a denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97601",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97601"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "buffer overflow vulnerability leading to a denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97601",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97601"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2316",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2326 (GCVE-0-2017-2326)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

information disclosure

Summary

An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis.

References

URL

Tags

	http://www.securityfocus.com/bid/97691	vdb-entry, x_refsource_BID
	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97691",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97691"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "name": "97691",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97691"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97691",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97691"
            },
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2326",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8104 (GCVE-0-2015-8104)

Vulnerability from cvelistv5

Published

2015-11-16 00:00

Modified

2025-04-23 15:40

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

n/a

Summary

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2015-2636.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	http://www.ubuntu.com/usn/USN-2841-2	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html	vendor-advisory
	https://kb.juniper.net/JSA10783
	https://bugzilla.redhat.com/show_bug.cgi?id=1278496
	http://www.debian.org/security/2016/dsa-3454	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	http://rhn.redhat.com/errata/RHSA-2015-2645.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2840-1	vendor-advisory
	http://www.securityfocus.com/bid/77524	vdb-entry
	https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
	http://www.openwall.com/lists/oss-security/2015/11/10/5	mailing-list
	http://www.ubuntu.com/usn/USN-2843-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
	http://www.ubuntu.com/usn/USN-2844-1	vendor-advisory
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2842-2	vendor-advisory
	http://xenbits.xen.org/xsa/advisory-156.html
	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2843-2	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
	http://www.ubuntu.com/usn/USN-2842-1	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html	vendor-advisory
	http://www.debian.org/security/2015/dsa-3414	vendor-advisory
	http://support.citrix.com/article/CTX202583
	http://www.securitytracker.com/id/1034105	vdb-entry
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2841-1	vendor-advisory
	http://support.citrix.com/article/CTX203879
	http://www.debian.org/security/2015/dsa-3426	vendor-advisory
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
	http://rhn.redhat.com/errata/RHSA-2016-0046.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2023/10/10/4	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:31.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:2636",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "USN-2841-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2841-2"
          },
          {
            "name": "FEDORA-2015-f150b2a8c8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"
          },
          {
            "name": "SUSE-SU-2015:2350",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278496"
          },
          {
            "name": "DSA-3454",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3454"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "RHSA-2015:2645",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2645.html"
          },
          {
            "name": "USN-2840-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2840-1"
          },
          {
            "name": "77524",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77524"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d"
          },
          {
            "name": "openSUSE-SU-2015:2250",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "[oss-security] 20151110 CVE-2015-8104 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #DB exception",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/11/10/5"
          },
          {
            "name": "USN-2843-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2843-1"
          },
          {
            "name": "SUSE-SU-2015:2194",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "USN-2844-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2844-1"
          },
          {
            "name": "openSUSE-SU-2015:2232",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"
          },
          {
            "name": "USN-2842-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2842-2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-156.html"
          },
          {
            "name": "SUSE-SU-2016:0354",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
          },
          {
            "name": "USN-2843-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2843-2"
          },
          {
            "name": "FEDORA-2015-668d213dc3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"
          },
          {
            "name": "SUSE-SU-2015:2339",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
          },
          {
            "name": "SUSE-SU-2015:2108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "USN-2842-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2842-1"
          },
          {
            "name": "FEDORA-2015-394835a3f6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"
          },
          {
            "name": "DSA-3414",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3414"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX202583"
          },
          {
            "name": "1034105",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034105"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "name": "USN-2841-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2841-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX203879"
          },
          {
            "name": "DSA-3426",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3426"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d"
          },
          {
            "name": "RHSA-2016:0046",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0046.html"
          },
          {
            "name": "openSUSE-SU-2016:1008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
          },
          {
            "name": "[oss-security] 20231010 Xen Security Advisory 444 v3 (CVE-2023-34327,CVE-2023-34328) - x86/AMD: Debug Mask handling",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/10/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 10,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2015-8104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:47:48.570746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T15:40:54.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T14:06:16.207Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2015:2636",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "USN-2841-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2841-2"
        },
        {
          "name": "FEDORA-2015-f150b2a8c8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"
        },
        {
          "name": "SUSE-SU-2015:2350",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
        },
        {
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278496"
        },
        {
          "name": "DSA-3454",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3454"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "RHSA-2015:2645",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2645.html"
        },
        {
          "name": "USN-2840-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2840-1"
        },
        {
          "name": "77524",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/77524"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d"
        },
        {
          "name": "openSUSE-SU-2015:2250",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "[oss-security] 20151110 CVE-2015-8104 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #DB exception",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/11/10/5"
        },
        {
          "name": "USN-2843-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2843-1"
        },
        {
          "name": "SUSE-SU-2015:2194",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "name": "USN-2844-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2844-1"
        },
        {
          "name": "openSUSE-SU-2015:2232",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"
        },
        {
          "name": "USN-2842-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2842-2"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-156.html"
        },
        {
          "name": "SUSE-SU-2016:0354",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
        },
        {
          "name": "USN-2843-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2843-2"
        },
        {
          "name": "FEDORA-2015-668d213dc3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"
        },
        {
          "name": "SUSE-SU-2015:2339",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
        },
        {
          "name": "SUSE-SU-2015:2108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "USN-2842-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2842-1"
        },
        {
          "name": "FEDORA-2015-394835a3f6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"
        },
        {
          "name": "DSA-3414",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3414"
        },
        {
          "url": "http://support.citrix.com/article/CTX202583"
        },
        {
          "name": "1034105",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034105"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "name": "USN-2841-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2841-1"
        },
        {
          "url": "http://support.citrix.com/article/CTX203879"
        },
        {
          "name": "DSA-3426",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3426"
        },
        {
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d"
        },
        {
          "name": "RHSA-2016:0046",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0046.html"
        },
        {
          "name": "openSUSE-SU-2016:1008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
        },
        {
          "name": "[oss-security] 20231010 Xen Security Advisory 444 v3 (CVE-2023-34327,CVE-2023-34328) - x86/AMD: Debug Mask handling",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/10/4"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8104",
    "datePublished": "2015-11-16T00:00:00.000Z",
    "dateReserved": "2015-11-09T00:00:00.000Z",
    "dateUpdated": "2025-04-23T15:40:54.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2325 (GCVE-0-2017-2325)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

buffer overflow leading to a denial of service

Summary

A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97602	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97602",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97602"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "buffer overflow leading to a denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97602",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97602"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2325",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "buffer overflow leading to a denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97602",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97602"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2325",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7979 (GCVE-0-2015-7979)

Vulnerability from cvelistv5

Published

2017-01-30 21:00

Modified

2024-08-06 08:06

Severity ?

CWE

n/a

Summary

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.

References

URL

Tags

	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd	vendor-advisory, x_refsource_CISCO
	http://www.ubuntu.com/usn/USN-3096-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3629	vendor-advisory, x_refsource_DEBIAN
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1141	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1034782	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://www.kb.cert.org/vuls/id/718152	third-party-advisory, x_refsource_CERT-VN
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1552.html	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html	vendor-advisory, x_refsource_FEDORA
	http://rhn.redhat.com/errata/RHSA-2016-2583.html	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20171031-0001/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/81816	vdb-entry, x_refsource_BID
	http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html	vendor-advisory, x_refsource_SUSE
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc	vendor-advisory, x_refsource_FREEBSD
	https://bto.bluecoat.com/security-advisory/sa113	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201607-15	vendor-advisory, x_refsource_GENTOO
	https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf	x_refsource_CONFIRM
	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
          },
          {
            "name": "USN-3096-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3096-1"
          },
          {
            "name": "SUSE-SU-2016:1177",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
          },
          {
            "name": "DSA-3629",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "RHSA-2016:1141",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1141"
          },
          {
            "name": "SUSE-SU-2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "1034782",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034782"
          },
          {
            "name": "openSUSE-SU-2016:1292",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
          },
          {
            "name": "VU#718152",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/718152"
          },
          {
            "name": "SUSE-SU-2016:1247",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
          },
          {
            "name": "RHSA-2016:1552",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
          },
          {
            "name": "FEDORA-2016-8bb1932088",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
          },
          {
            "name": "RHSA-2016:2583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
          },
          {
            "name": "SUSE-SU-2016:1311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "81816",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81816"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
          },
          {
            "name": "FEDORA-2016-34bc10a2c8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
          },
          {
            "name": "SUSE-SU-2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
          },
          {
            "name": "FreeBSD-SA-16:09",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa113"
          },
          {
            "name": "openSUSE-SU-2016:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-15T20:21:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
        },
        {
          "name": "USN-3096-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3096-1"
        },
        {
          "name": "SUSE-SU-2016:1177",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
        },
        {
          "name": "DSA-3629",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "RHSA-2016:1141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1141"
        },
        {
          "name": "SUSE-SU-2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "name": "1034782",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034782"
        },
        {
          "name": "openSUSE-SU-2016:1292",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
        },
        {
          "name": "VU#718152",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/718152"
        },
        {
          "name": "SUSE-SU-2016:1247",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
        },
        {
          "name": "RHSA-2016:1552",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
        },
        {
          "name": "FEDORA-2016-8bb1932088",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
        },
        {
          "name": "RHSA-2016:2583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
        },
        {
          "name": "SUSE-SU-2016:1311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
        },
        {
          "name": "81816",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81816"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
        },
        {
          "name": "FEDORA-2016-34bc10a2c8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
        },
        {
          "name": "SUSE-SU-2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
        },
        {
          "name": "FreeBSD-SA-16:09",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa113"
        },
        {
          "name": "openSUSE-SU-2016:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7979",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
            },
            {
              "name": "USN-3096-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "SUSE-SU-2016:1177",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "DSA-3629",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3629"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "RHSA-2016:1141",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1141"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "1034782",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034782"
            },
            {
              "name": "openSUSE-SU-2016:1292",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "VU#718152",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "SUSE-SU-2016:1247",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "name": "RHSA-2016:1552",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
            },
            {
              "name": "FEDORA-2016-8bb1932088",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
            },
            {
              "name": "RHSA-2016:2583",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
            },
            {
              "name": "SUSE-SU-2016:1311",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "81816",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81816"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
            },
            {
              "name": "FEDORA-2016-34bc10a2c8",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "FreeBSD-SA-16:09",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa113",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "openSUSE-SU-2016:1423",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7979",
    "datePublished": "2017-01-30T21:00:00",
    "dateReserved": "2015-10-23T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2321 (GCVE-0-2017-2321)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denials of services, modification of system states and files, and potential disclosure of sensitive information

Summary

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97693	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.312Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97693",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97693"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denials of services, modification of system states and files, and potential disclosure of sensitive information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97693",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97693"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2321",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denials of services, modification of system states and files, and potential disclosure of sensitive information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97693",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97693"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2321",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.312Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7427 (GCVE-0-2016-7427)

Vulnerability from cvelistv5

Published

2017-01-13 16:00

Modified

2024-08-06 01:57

Severity ?

CWE

n/a

Summary

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.

References

URL

Tags

	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us	x_refsource_CONFIRM
	https://usn.ubuntu.com/3707-2/	vendor-advisory, x_refsource_UBUNTU
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us	x_refsource_CONFIRM
	http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities	x_refsource_CONFIRM
	http://nwtime.org/ntp428p9_release/	x_refsource_CONFIRM
	http://support.ntp.org/bin/view/Main/NtpBug3114	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/633847	third-party-advisory, x_refsource_CERT-VN
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037354	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa139	x_refsource_CONFIRM
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc	vendor-advisory, x_refsource_FREEBSD
	http://www.securityfocus.com/bid/94447	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:57:47.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
          },
          {
            "name": "USN-3707-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3707-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nwtime.org/ntp428p9_release/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3114"
          },
          {
            "name": "VU#633847",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/633847"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
          },
          {
            "name": "1037354",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa139"
          },
          {
            "name": "FreeBSD-SA-16:39",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
          },
          {
            "name": "94447",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94447"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-24T10:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
        },
        {
          "name": "USN-3707-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3707-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nwtime.org/ntp428p9_release/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3114"
        },
        {
          "name": "VU#633847",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/633847"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
        },
        {
          "name": "1037354",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa139"
        },
        {
          "name": "FreeBSD-SA-16:39",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
        },
        {
          "name": "94447",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94447"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
            },
            {
              "name": "USN-3707-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3707-2/"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
            },
            {
              "name": "http://nwtime.org/ntp428p9_release/",
              "refsource": "CONFIRM",
              "url": "http://nwtime.org/ntp428p9_release/"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3114",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3114"
            },
            {
              "name": "VU#633847",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/633847"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
            },
            {
              "name": "1037354",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037354"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa139",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa139"
            },
            {
              "name": "FreeBSD-SA-16:39",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
            },
            {
              "name": "94447",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94447"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7427",
    "datePublished": "2017-01-13T16:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T01:57:47.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9444 (GCVE-0-2016-9444)

Vulnerability from cvelistv5

Published

2017-01-12 06:06

Modified

2024-08-06 02:50

Severity ?

CWE

n/a

Summary

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.

References

URL

Tags

	http://www.securityfocus.com/bid/95393	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037582	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201708-01	vendor-advisory, x_refsource_GENTOO
	https://kb.isc.org/article/AA-01441/74/CVE-2016-9444	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180926-0005/	x_refsource_CONFIRM
	http://www.debian.org/security/2017/dsa-3758	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:1583	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0062.html	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95393",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95393"
          },
          {
            "name": "1037582",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037582"
          },
          {
            "name": "GLSA-201708-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201708-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01441/74/CVE-2016-9444"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
          },
          {
            "name": "DSA-3758",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3758"
          },
          {
            "name": "RHSA-2017:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1583"
          },
          {
            "name": "RHSA-2017:0062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0062.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "95393",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95393"
        },
        {
          "name": "1037582",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037582"
        },
        {
          "name": "GLSA-201708-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201708-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01441/74/CVE-2016-9444"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
        },
        {
          "name": "DSA-3758",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3758"
        },
        {
          "name": "RHSA-2017:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1583"
        },
        {
          "name": "RHSA-2017:0062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0062.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9444",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95393",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95393"
            },
            {
              "name": "1037582",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037582"
            },
            {
              "name": "GLSA-201708-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201708-01"
            },
            {
              "name": "https://kb.isc.org/article/AA-01441/74/CVE-2016-9444",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01441/74/CVE-2016-9444"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
            },
            {
              "name": "DSA-3758",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3758"
            },
            {
              "name": "RHSA-2017:1583",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1583"
            },
            {
              "name": "RHSA-2017:0062",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0062.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9444",
    "datePublished": "2017-01-12T06:06:00",
    "dateReserved": "2016-11-18T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2315 (GCVE-0-2017-2315)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denial of service vulnerability due to memory leak

Summary

On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability.

References

URL

Tags

	http://www.securitytracker.com/id/1038253	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/97615	vdb-entry, x_refsource_BID
	https://kb.juniper.net/JSA10781	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS on EX series Ethernet Switches with IPv6 enabled	Version: 12.3 prior to 12.3R12-S4, 12.3R13 Version: 13.3 prior to 13.3R10 Version: 14.1 prior to 14.1R8-S3, 14.1R9 Version: 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40 Version: 14.1X55 prior to 14.1X55-D35 Version: 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8 Version: 15.1 prior to 15.1R5 Version: 16.1 before 16.1R3 Version: 16.2 before 16.2R1-S3, 16.2R2 Version: 17.1R1 and all subsequent releases have a resolution for this vulnerability

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038253",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038253"
          },
          {
            "name": "97615",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97615"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10781"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS on EX series Ethernet Switches with IPv6 enabled",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "12.3 prior to 12.3R12-S4, 12.3R13"
            },
            {
              "status": "affected",
              "version": "13.3 prior to 13.3R10"
            },
            {
              "status": "affected",
              "version": "14.1 prior to 14.1R8-S3, 14.1R9"
            },
            {
              "status": "affected",
              "version": "14.1X53 prior ro 14.1X53-D12, 14.1X53-D40"
            },
            {
              "status": "affected",
              "version": " 14.1X55 prior to 14.1X55-D35"
            },
            {
              "status": "affected",
              "version": "14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8"
            },
            {
              "status": "affected",
              "version": "15.1 prior to 15.1R5"
            },
            {
              "status": "affected",
              "version": "16.1 before 16.1R3"
            },
            {
              "status": "affected",
              "version": "16.2 before 16.2R1-S3, 16.2R2"
            },
            {
              "status": "affected",
              "version": "17.1R1 and all subsequent releases have a resolution for this vulnerability"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service vulnerability due to memory leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T12:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "name": "1038253",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038253"
        },
        {
          "name": "97615",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97615"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10781"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2315",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS on EX series Ethernet Switches with IPv6 enabled",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.3 prior to 12.3R12-S4, 12.3R13"
                          },
                          {
                            "version_value": "13.3 prior to 13.3R10"
                          },
                          {
                            "version_value": "14.1 prior to 14.1R8-S3, 14.1R9"
                          },
                          {
                            "version_value": "14.1X53 prior ro 14.1X53-D12, 14.1X53-D40"
                          },
                          {
                            "version_value": " 14.1X55 prior to 14.1X55-D35"
                          },
                          {
                            "version_value": "14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8"
                          },
                          {
                            "version_value": "15.1 prior to 15.1R5"
                          },
                          {
                            "version_value": "16.1 before 16.1R3"
                          },
                          {
                            "version_value": "16.2 before 16.2R1-S3, 16.2R2"
                          },
                          {
                            "version_value": "17.1R1 and all subsequent releases have a resolution for this vulnerability"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service vulnerability due to memory leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038253",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038253"
            },
            {
              "name": "97615",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97615"
            },
            {
              "name": "https://kb.juniper.net/JSA10781",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10781"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2315",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2318 (GCVE-0-2017-2318)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

read log files, compromise the integrity of the system or elevation of privileges

Summary

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97660	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97660",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97660"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "read log files, compromise the integrity of the system or elevation of privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97660",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97660"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2318",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "read log files, compromise the integrity of the system or elevation of privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97660",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97660"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2318",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8138 (GCVE-0-2015-8138)

Vulnerability from cvelistv5

Published

2017-01-30 21:00

Modified

2024-08-06 08:13

Severity ?

CWE

n/a

Summary

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.

References

URL

Tags

	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd	vendor-advisory, x_refsource_CISCO
	http://www.ubuntu.com/usn/USN-3096-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3629	vendor-advisory, x_refsource_DEBIAN
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1034782	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://www.kb.cert.org/vuls/id/718152	third-party-advisory, x_refsource_CERT-VN
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-0063.html	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html	vendor-advisory, x_refsource_FEDORA
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20171004-0002/	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20171031-0001/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html	vendor-advisory, x_refsource_SUSE
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd	vendor-advisory, x_refsource_CISCO
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd	vendor-advisory, x_refsource_CISCO
	http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/81811	vdb-entry, x_refsource_BID
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc	vendor-advisory, x_refsource_FREEBSD
	https://bto.bluecoat.com/security-advisory/sa113	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201607-15	vendor-advisory, x_refsource_GENTOO
	https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf	x_refsource_CONFIRM
	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf	x_refsource_CONFIRM
	https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:31.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
          },
          {
            "name": "USN-3096-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3096-1"
          },
          {
            "name": "SUSE-SU-2016:1177",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
          },
          {
            "name": "DSA-3629",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
          },
          {
            "name": "SUSE-SU-2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "1034782",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034782"
          },
          {
            "name": "openSUSE-SU-2016:1292",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
          },
          {
            "name": "VU#718152",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/718152"
          },
          {
            "name": "SUSE-SU-2016:1247",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
          },
          {
            "name": "RHSA-2016:0063",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
          },
          {
            "name": "FEDORA-2016-8bb1932088",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
          },
          {
            "name": "SUSE-SU-2016:1311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
          },
          {
            "name": "20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
          },
          {
            "name": "FEDORA-2016-34bc10a2c8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
          },
          {
            "name": "SUSE-SU-2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
          },
          {
            "name": "81811",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81811"
          },
          {
            "name": "FreeBSD-SA-16:09",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa113"
          },
          {
            "name": "openSUSE-SU-2016:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-05T17:23:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
        },
        {
          "name": "USN-3096-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3096-1"
        },
        {
          "name": "SUSE-SU-2016:1177",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
        },
        {
          "name": "DSA-3629",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
        },
        {
          "name": "SUSE-SU-2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "name": "1034782",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034782"
        },
        {
          "name": "openSUSE-SU-2016:1292",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
        },
        {
          "name": "VU#718152",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/718152"
        },
        {
          "name": "SUSE-SU-2016:1247",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
        },
        {
          "name": "RHSA-2016:0063",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
        },
        {
          "name": "FEDORA-2016-8bb1932088",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
        },
        {
          "name": "SUSE-SU-2016:1311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
        },
        {
          "name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
        },
        {
          "name": "20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
        },
        {
          "name": "FEDORA-2016-34bc10a2c8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
        },
        {
          "name": "SUSE-SU-2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
        },
        {
          "name": "81811",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81811"
        },
        {
          "name": "FreeBSD-SA-16:09",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa113"
        },
        {
          "name": "openSUSE-SU-2016:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8138",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
            },
            {
              "name": "USN-3096-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "SUSE-SU-2016:1177",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "DSA-3629",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3629"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "1034782",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034782"
            },
            {
              "name": "openSUSE-SU-2016:1292",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "VU#718152",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "SUSE-SU-2016:1247",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "name": "RHSA-2016:0063",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
            },
            {
              "name": "FEDORA-2016-8bb1932088",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
            },
            {
              "name": "SUSE-SU-2016:1311",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
            },
            {
              "name": "20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
            },
            {
              "name": "FEDORA-2016-34bc10a2c8",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "81811",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81811"
            },
            {
              "name": "FreeBSD-SA-16:09",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa113",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "openSUSE-SU-2016:1423",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
              "refsource": "MISC",
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8138",
    "datePublished": "2017-01-30T21:00:00",
    "dateReserved": "2015-11-13T00:00:00",
    "dateUpdated": "2024-08-06T08:13:31.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9147 (GCVE-0-2016-9147)

Vulnerability from cvelistv5

Published

2017-01-12 06:06

Modified

2024-08-06 02:42

Severity ?

CWE

n/a

Summary

named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.

References

URL

Tags

	http://www.securitytracker.com/id/1037582	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201708-01	vendor-advisory, x_refsource_GENTOO
	https://kb.isc.org/article/AA-01440/74/CVE-2016-9147	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180926-0005/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1582	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2017/dsa-3758	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:1583	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/95390	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2017-0064.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0063.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0062.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037582",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037582"
          },
          {
            "name": "GLSA-201708-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201708-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01440/74/CVE-2016-9147"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
          },
          {
            "name": "RHSA-2017:1582",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1582"
          },
          {
            "name": "DSA-3758",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3758"
          },
          {
            "name": "RHSA-2017:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1583"
          },
          {
            "name": "95390",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95390"
          },
          {
            "name": "RHSA-2017:0064",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0064.html"
          },
          {
            "name": "RHSA-2017:0063",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0063.html"
          },
          {
            "name": "RHSA-2017:0062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0062.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1037582",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037582"
        },
        {
          "name": "GLSA-201708-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201708-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01440/74/CVE-2016-9147"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
        },
        {
          "name": "RHSA-2017:1582",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1582"
        },
        {
          "name": "DSA-3758",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3758"
        },
        {
          "name": "RHSA-2017:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1583"
        },
        {
          "name": "95390",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95390"
        },
        {
          "name": "RHSA-2017:0064",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0064.html"
        },
        {
          "name": "RHSA-2017:0063",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0063.html"
        },
        {
          "name": "RHSA-2017:0062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0062.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037582",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037582"
            },
            {
              "name": "GLSA-201708-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201708-01"
            },
            {
              "name": "https://kb.isc.org/article/AA-01440/74/CVE-2016-9147",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01440/74/CVE-2016-9147"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
            },
            {
              "name": "RHSA-2017:1582",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1582"
            },
            {
              "name": "DSA-3758",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3758"
            },
            {
              "name": "RHSA-2017:1583",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1583"
            },
            {
              "name": "95390",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95390"
            },
            {
              "name": "RHSA-2017:0064",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0064.html"
            },
            {
              "name": "RHSA-2017:0063",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0063.html"
            },
            {
              "name": "RHSA-2017:0062",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0062.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9147",
    "datePublished": "2017-01-12T06:06:00",
    "dateReserved": "2016-11-03T00:00:00",
    "dateUpdated": "2024-08-06T02:42:11.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9311 (GCVE-0-2016-9311)

Vulnerability from cvelistv5

Published

2017-01-13 16:00

Modified

2024-08-06 02:50

Severity ?

CWE

n/a

Summary

ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.

References

URL

Tags

	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94444	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3707-2/	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2017-0252.html	vendor-advisory, x_refsource_REDHAT
	http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities	x_refsource_CONFIRM
	http://nwtime.org/ntp428p9_release/	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/633847	third-party-advisory, x_refsource_CERT-VN
	http://www.securitytracker.com/id/1037354	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa139	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us	x_refsource_CONFIRM
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc	vendor-advisory, x_refsource_FREEBSD
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03885en_us	x_refsource_CONFIRM
	http://support.ntp.org/bin/view/Main/NtpBug3119	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:36.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
          },
          {
            "name": "94444",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94444"
          },
          {
            "name": "USN-3707-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3707-2/"
          },
          {
            "name": "RHSA-2017:0252",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nwtime.org/ntp428p9_release/"
          },
          {
            "name": "VU#633847",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/633847"
          },
          {
            "name": "1037354",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
          },
          {
            "name": "FreeBSD-SA-16:39",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3119"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-24T10:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
        },
        {
          "name": "94444",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94444"
        },
        {
          "name": "USN-3707-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3707-2/"
        },
        {
          "name": "RHSA-2017:0252",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nwtime.org/ntp428p9_release/"
        },
        {
          "name": "VU#633847",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/633847"
        },
        {
          "name": "1037354",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
        },
        {
          "name": "FreeBSD-SA-16:39",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3119"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9311",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
            },
            {
              "name": "94444",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94444"
            },
            {
              "name": "USN-3707-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3707-2/"
            },
            {
              "name": "RHSA-2017:0252",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
            },
            {
              "name": "http://nwtime.org/ntp428p9_release/",
              "refsource": "CONFIRM",
              "url": "http://nwtime.org/ntp428p9_release/"
            },
            {
              "name": "VU#633847",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/633847"
            },
            {
              "name": "1037354",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037354"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa139",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa139"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
            },
            {
              "name": "FreeBSD-SA-16:39",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3119",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3119"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9311",
    "datePublished": "2017-01-13T16:00:00",
    "dateReserved": "2016-11-14T00:00:00",
    "dateUpdated": "2024-08-06T02:50:36.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1014 (GCVE-0-2016-1014)

Vulnerability from cvelistv5

Published

2016-04-09 01:00

Modified

2024-08-05 22:38

Severity ?

CWE

n/a

Summary

Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html	vendor-advisory, x_refsource_SUSE
	http://seclists.org/fulldisclosure/2016/Jun/39	mailing-list, x_refsource_FULLDISC
	http://rhn.redhat.com/errata/RHSA-2016-0610.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/archive/1/538699/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securitytracker.com/id/1035509	vdb-entry, x_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050	vendor-advisory, x_refsource_MS
	https://helpx.adobe.com/security/products/flash-player/apsb16-10.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:38:41.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html"
          },
          {
            "name": "openSUSE-SU-2016:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
          },
          {
            "name": "20160618 [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Jun/39"
          },
          {
            "name": "RHSA-2016:0610",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
          },
          {
            "name": "20160617 [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538699/100/0/threaded"
          },
          {
            "name": "1035509",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035509"
          },
          {
            "name": "MS16-050",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html"
        },
        {
          "name": "openSUSE-SU-2016:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
        },
        {
          "name": "20160618 [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Jun/39"
        },
        {
          "name": "RHSA-2016:0610",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
        },
        {
          "name": "20160617 [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538699/100/0/threaded"
        },
        {
          "name": "1035509",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035509"
        },
        {
          "name": "MS16-050",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2016-1014",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1305",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html"
            },
            {
              "name": "openSUSE-SU-2016:1306",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
            },
            {
              "name": "20160618 [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Jun/39"
            },
            {
              "name": "RHSA-2016:0610",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
            },
            {
              "name": "20160617 [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538699/100/0/threaded"
            },
            {
              "name": "1035509",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035509"
            },
            {
              "name": "MS16-050",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2016-1014",
    "datePublished": "2016-04-09T01:00:00",
    "dateReserved": "2015-12-22T00:00:00",
    "dateUpdated": "2024-08-05T22:38:41.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2312 (GCVE-0-2017-2312)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denial of service vulnerability due to memory leak

Summary

On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. The affected Junos versions are: 13.3 prior to 13.3R10; 14.1 prior to 14.1R8; 14.2 prior to 14.2R7-S6 or 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5; 15.1X49 before 15.1X49-D70; 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 before 16.1R2. 16.2R1 and all subsequent releases have a resolution for this vulnerability.

References

URL

Tags

	http://www.securityfocus.com/bid/97611	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1038252	vdb-entry, x_refsource_SECTRACK
	https://kb.juniper.net/JSA10777	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS with LDP enabled	Version: 13.3 prior to 13.3R10 Version: 14.1 prior to 14.1R8 Version: 14.2 prior to 14.2R7-S6 or 14.2R8 Version: 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5 Version: 15.1X49 before 15.1X49-D70 Version: 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70 Version: 16.1 before 16.1R2 Version: 16.2R1 and all subsequent releases have a resolution for this vulnerability

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97611",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97611"
          },
          {
            "name": "1038252",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038252"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10777"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS with LDP enabled",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "13.3 prior to 13.3R10"
            },
            {
              "status": "affected",
              "version": "14.1 prior to 14.1R8"
            },
            {
              "status": "affected",
              "version": "14.2 prior to 14.2R7-S6 or 14.2R8"
            },
            {
              "status": "affected",
              "version": "15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5"
            },
            {
              "status": "affected",
              "version": "15.1X49 before 15.1X49-D70"
            },
            {
              "status": "affected",
              "version": "15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70"
            },
            {
              "status": "affected",
              "version": "16.1 before 16.1R2"
            },
            {
              "status": "affected",
              "version": "16.2R1 and all subsequent releases have a resolution for this vulnerability"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. The affected Junos versions are: 13.3 prior to 13.3R10; 14.1 prior to 14.1R8; 14.2 prior to 14.2R7-S6 or 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5; 15.1X49 before 15.1X49-D70; 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 before 16.1R2. 16.2R1 and all subsequent releases have a resolution for this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service vulnerability due to memory leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "name": "97611",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97611"
        },
        {
          "name": "1038252",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038252"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10777"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2312",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS with LDP enabled",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "13.3 prior to 13.3R10"
                          },
                          {
                            "version_value": "14.1 prior to 14.1R8"
                          },
                          {
                            "version_value": "14.2 prior to 14.2R7-S6 or 14.2R8"
                          },
                          {
                            "version_value": "15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5"
                          },
                          {
                            "version_value": "15.1X49 before 15.1X49-D70"
                          },
                          {
                            "version_value": "15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70"
                          },
                          {
                            "version_value": "16.1 before 16.1R2"
                          },
                          {
                            "version_value": "16.2R1 and all subsequent releases have a resolution for this vulnerability"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. The affected Junos versions are: 13.3 prior to 13.3R10; 14.1 prior to 14.1R8; 14.2 prior to 14.2R7-S6 or 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5; 15.1X49 before 15.1X49-D70; 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 before 16.1R2. 16.2R1 and all subsequent releases have a resolution for this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service vulnerability due to memory leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97611",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97611"
            },
            {
              "name": "1038252",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038252"
            },
            {
              "name": "https://kb.juniper.net/JSA10777",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10777"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2312",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2317 (GCVE-0-2017-2317)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denials of service, potential information disclosure or modification of system states

Summary

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97652	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denials of service, potential information disclosure or modification of system states",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denials of service, potential information disclosure or modification of system states"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2317",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2328 (GCVE-0-2017-2328)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

information leak

Summary

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97617	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97617",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97617"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97617",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97617"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2328",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97617",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97617"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2328",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2334 (GCVE-0-2017-2334)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

information leak

Summary

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97616	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97616",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97616"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97616",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97616"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97616",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97616"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2334",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2320 (GCVE-0-2017-2320)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

vulnerability that may allow complete compromise the system's confidentiality or integrity or cause a complete denial of service

Summary

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97687	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97687",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97687"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97687",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97687"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2320",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97687",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97687"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2320",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5307 (GCVE-0-2015-5307)

Vulnerability from cvelistv5

Published

2015-11-16 11:00

Modified

2024-08-06 06:41

Severity ?

CWE

n/a

Summary

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2015-2636.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html	vendor-advisory, x_refsource_SUSE
	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3454	vendor-advisory, x_refsource_DEBIAN
	http://www.openwall.com/lists/oss-security/2015/11/10/6	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2015-2645.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2802-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2806-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2805-1	vendor-advisory, x_refsource_UBUNTU
	http://xenbits.xen.org/xsa/advisory-156.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-2807-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2801-1	vendor-advisory, x_refsource_UBUNTU
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2015/dsa-3414	vendor-advisory, x_refsource_DEBIAN
	http://support.citrix.com/article/CTX202583	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2800-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id/1034105	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2804-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1277172	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-0046.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2015/dsa-3396	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/77528	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-2803-1	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:2636",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "FEDORA-2015-f150b2a8c8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"
          },
          {
            "name": "SUSE-SU-2015:2350",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "DSA-3454",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3454"
          },
          {
            "name": "[oss-security] 20151110 Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/11/10/6"
          },
          {
            "name": "RHSA-2015:2645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2645.html"
          },
          {
            "name": "USN-2802-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2802-1"
          },
          {
            "name": "openSUSE-SU-2015:2250",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "USN-2806-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2806-1"
          },
          {
            "name": "SUSE-SU-2015:2194",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed"
          },
          {
            "name": "openSUSE-SU-2015:2232",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"
          },
          {
            "name": "USN-2805-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2805-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-156.html"
          },
          {
            "name": "SUSE-SU-2016:0354",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
          },
          {
            "name": "FEDORA-2015-668d213dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"
          },
          {
            "name": "USN-2807-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2807-1"
          },
          {
            "name": "SUSE-SU-2015:2339",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
          },
          {
            "name": "SUSE-SU-2015:2108",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
          },
          {
            "name": "USN-2801-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2801-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "FEDORA-2015-394835a3f6",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"
          },
          {
            "name": "DSA-3414",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3414"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX202583"
          },
          {
            "name": "USN-2800-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2800-1"
          },
          {
            "name": "1034105",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034105"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "name": "USN-2804-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2804-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172"
          },
          {
            "name": "RHSA-2016:0046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0046.html"
          },
          {
            "name": "DSA-3396",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3396"
          },
          {
            "name": "77528",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77528"
          },
          {
            "name": "USN-2803-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2803-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-23T01:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2015:2636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "FEDORA-2015-f150b2a8c8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"
        },
        {
          "name": "SUSE-SU-2015:2350",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "DSA-3454",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3454"
        },
        {
          "name": "[oss-security] 20151110 Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/11/10/6"
        },
        {
          "name": "RHSA-2015:2645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2645.html"
        },
        {
          "name": "USN-2802-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2802-1"
        },
        {
          "name": "openSUSE-SU-2015:2250",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "USN-2806-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2806-1"
        },
        {
          "name": "SUSE-SU-2015:2194",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed"
        },
        {
          "name": "openSUSE-SU-2015:2232",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"
        },
        {
          "name": "USN-2805-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2805-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-156.html"
        },
        {
          "name": "SUSE-SU-2016:0354",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
        },
        {
          "name": "FEDORA-2015-668d213dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"
        },
        {
          "name": "USN-2807-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2807-1"
        },
        {
          "name": "SUSE-SU-2015:2339",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
        },
        {
          "name": "SUSE-SU-2015:2108",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
        },
        {
          "name": "USN-2801-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2801-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "FEDORA-2015-394835a3f6",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"
        },
        {
          "name": "DSA-3414",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3414"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX202583"
        },
        {
          "name": "USN-2800-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2800-1"
        },
        {
          "name": "1034105",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034105"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "name": "USN-2804-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2804-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172"
        },
        {
          "name": "RHSA-2016:0046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0046.html"
        },
        {
          "name": "DSA-3396",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3396"
        },
        {
          "name": "77528",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77528"
        },
        {
          "name": "USN-2803-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2803-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5307",
    "datePublished": "2015-11-16T11:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8864 (GCVE-0-2016-8864)

Vulnerability from cvelistv5

Published

2016-11-02 17:00

Modified

2024-08-06 02:35

Severity ?

CWE

n/a

Summary

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

References

URL

Tags

	https://kb.isc.org/article/AA-01438	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2871.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1037156	vdb-entry, x_refsource_SECTRACK
	https://security.netapp.com/advisory/ntap-20180926-0005/	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3703	vendor-advisory, x_refsource_DEBIAN
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:34.bind.asc	vendor-advisory, x_refsource_FREEBSD
	https://kb.isc.org/article/AA-01435	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1583	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2141.html	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/201701-26	vendor-advisory, x_refsource_GENTOO
	http://rhn.redhat.com/errata/RHSA-2016-2142.html	vendor-advisory, x_refsource_REDHAT
	https://kb.isc.org/article/AA-01437	x_refsource_CONFIRM
	https://kb.isc.org/article/AA-01436	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94067	vdb-entry, x_refsource_BID
	https://kb.isc.org/article/AA-01434	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2615.html	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:02.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01438"
          },
          {
            "name": "RHSA-2016:2871",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2871.html"
          },
          {
            "name": "1037156",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037156"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
          },
          {
            "name": "DSA-3703",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3703"
          },
          {
            "name": "FreeBSD-SA-16:34",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:34.bind.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01435"
          },
          {
            "name": "RHSA-2017:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1583"
          },
          {
            "name": "RHSA-2016:2141",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2141.html"
          },
          {
            "name": "GLSA-201701-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-26"
          },
          {
            "name": "RHSA-2016:2142",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2142.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01436"
          },
          {
            "name": "94067",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01434"
          },
          {
            "name": "RHSA-2016:2615",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2615.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01438"
        },
        {
          "name": "RHSA-2016:2871",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2871.html"
        },
        {
          "name": "1037156",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037156"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
        },
        {
          "name": "DSA-3703",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3703"
        },
        {
          "name": "FreeBSD-SA-16:34",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:34.bind.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01435"
        },
        {
          "name": "RHSA-2017:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1583"
        },
        {
          "name": "RHSA-2016:2141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2141.html"
        },
        {
          "name": "GLSA-201701-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-26"
        },
        {
          "name": "RHSA-2016:2142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2142.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01436"
        },
        {
          "name": "94067",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01434"
        },
        {
          "name": "RHSA-2016:2615",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2615.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-8864",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/article/AA-01438",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01438"
            },
            {
              "name": "RHSA-2016:2871",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2871.html"
            },
            {
              "name": "1037156",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037156"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
            },
            {
              "name": "DSA-3703",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3703"
            },
            {
              "name": "FreeBSD-SA-16:34",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:34.bind.asc"
            },
            {
              "name": "https://kb.isc.org/article/AA-01435",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01435"
            },
            {
              "name": "RHSA-2017:1583",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1583"
            },
            {
              "name": "RHSA-2016:2141",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2141.html"
            },
            {
              "name": "GLSA-201701-26",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-26"
            },
            {
              "name": "RHSA-2016:2142",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2142.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-01437",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01437"
            },
            {
              "name": "https://kb.isc.org/article/AA-01436",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01436"
            },
            {
              "name": "94067",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94067"
            },
            {
              "name": "https://kb.isc.org/article/AA-01434",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01434"
            },
            {
              "name": "RHSA-2016:2615",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2615.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-8864",
    "datePublished": "2016-11-02T17:00:00",
    "dateReserved": "2016-10-20T00:00:00",
    "dateUpdated": "2024-08-06T02:35:02.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2323 (GCVE-0-2017-2323)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

persistent denial of service

Summary

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97600	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97600",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97600"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "persistent denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97600",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97600"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "persistent denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97600",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97600"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2323",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2333 (GCVE-0-2017-2333)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

persistent denial of service

Summary

A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97608	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97608",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "persistent denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97608",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2333",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "persistent denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97608",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2333",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3209 (GCVE-0-2015-3209)

Vulnerability from cvelistv5

Published

2015-06-15 15:00

Modified

2024-08-06 05:39

Severity ?

CWE

n/a

Summary

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

References

URL

Tags

	http://www.ubuntu.com/usn/USN-2630-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2015-1087.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html	vendor-advisory, x_refsource_SUSE
	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html	vendor-advisory, x_refsource_FEDORA
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3286	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2015-1088.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2015-1089.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201510-02	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2015/dsa-3284	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/75123	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1032545	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://xenbits.xen.org/xsa/advisory-135.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201604-03	vendor-advisory, x_refsource_GENTOO
	http://rhn.redhat.com/errata/RHSA-2015-1189.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2015/dsa-3285	vendor-advisory, x_refsource_DEBIAN
	https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2630-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2630-1"
          },
          {
            "name": "SUSE-SU-2015:1152",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
          },
          {
            "name": "RHSA-2015:1087",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1087.html"
          },
          {
            "name": "SUSE-SU-2015:1519",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "FEDORA-2015-10001",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
          },
          {
            "name": "DSA-3286",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3286"
          },
          {
            "name": "FEDORA-2015-9978",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html"
          },
          {
            "name": "SUSE-SU-2015:1156",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
          },
          {
            "name": "RHSA-2015:1088",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1088.html"
          },
          {
            "name": "RHSA-2015:1089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1089.html"
          },
          {
            "name": "SUSE-SU-2015:1643",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
          },
          {
            "name": "GLSA-201510-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-02"
          },
          {
            "name": "SUSE-SU-2015:1206",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html"
          },
          {
            "name": "DSA-3284",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3284"
          },
          {
            "name": "75123",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75123"
          },
          {
            "name": "SUSE-SU-2015:1157",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
          },
          {
            "name": "1032545",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032545"
          },
          {
            "name": "SUSE-SU-2015:1045",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-135.html"
          },
          {
            "name": "SUSE-SU-2015:1426",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
          },
          {
            "name": "GLSA-201604-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201604-03"
          },
          {
            "name": "RHSA-2015:1189",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1189.html"
          },
          {
            "name": "SUSE-SU-2015:1042",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
          },
          {
            "name": "FEDORA-2015-9965",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
          },
          {
            "name": "DSA-3285",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3285"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-26T13:58:46",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2630-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2630-1"
        },
        {
          "name": "SUSE-SU-2015:1152",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
        },
        {
          "name": "RHSA-2015:1087",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1087.html"
        },
        {
          "name": "SUSE-SU-2015:1519",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "FEDORA-2015-10001",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
        },
        {
          "name": "DSA-3286",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3286"
        },
        {
          "name": "FEDORA-2015-9978",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html"
        },
        {
          "name": "SUSE-SU-2015:1156",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
        },
        {
          "name": "RHSA-2015:1088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1088.html"
        },
        {
          "name": "RHSA-2015:1089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1089.html"
        },
        {
          "name": "SUSE-SU-2015:1643",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
        },
        {
          "name": "GLSA-201510-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-02"
        },
        {
          "name": "SUSE-SU-2015:1206",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html"
        },
        {
          "name": "DSA-3284",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3284"
        },
        {
          "name": "75123",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75123"
        },
        {
          "name": "SUSE-SU-2015:1157",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
        },
        {
          "name": "1032545",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032545"
        },
        {
          "name": "SUSE-SU-2015:1045",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-135.html"
        },
        {
          "name": "SUSE-SU-2015:1426",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
        },
        {
          "name": "GLSA-201604-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201604-03"
        },
        {
          "name": "RHSA-2015:1189",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1189.html"
        },
        {
          "name": "SUSE-SU-2015:1042",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
        },
        {
          "name": "FEDORA-2015-9965",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
        },
        {
          "name": "DSA-3285",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3285"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3209",
    "datePublished": "2015-06-15T15:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9131 (GCVE-0-2016-9131)

Vulnerability from cvelistv5

Published

2017-01-12 06:06

Modified

2024-08-06 02:42

Severity ?

CWE

n/a

Summary

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

References

URL

Tags

	http://www.securitytracker.com/id/1037582	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201708-01	vendor-advisory, x_refsource_GENTOO
	https://kb.isc.org/article/AA-01439/74/CVE-2016-9131	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95386	vdb-entry, x_refsource_BID
	https://security.netapp.com/advisory/ntap-20180926-0005/	x_refsource_CONFIRM
	http://www.debian.org/security/2017/dsa-3758	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:1583	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0062.html	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:10.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037582",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037582"
          },
          {
            "name": "GLSA-201708-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201708-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131"
          },
          {
            "name": "95386",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95386"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
          },
          {
            "name": "DSA-3758",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3758"
          },
          {
            "name": "RHSA-2017:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1583"
          },
          {
            "name": "RHSA-2017:0062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0062.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1037582",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037582"
        },
        {
          "name": "GLSA-201708-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201708-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131"
        },
        {
          "name": "95386",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95386"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
        },
        {
          "name": "DSA-3758",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3758"
        },
        {
          "name": "RHSA-2017:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1583"
        },
        {
          "name": "RHSA-2017:0062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0062.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9131",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037582",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037582"
            },
            {
              "name": "GLSA-201708-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201708-01"
            },
            {
              "name": "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01439/74/CVE-2016-9131"
            },
            {
              "name": "95386",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95386"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
            },
            {
              "name": "DSA-3758",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3758"
            },
            {
              "name": "RHSA-2017:1583",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1583"
            },
            {
              "name": "RHSA-2017:0062",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0062.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9131",
    "datePublished": "2017-01-12T06:06:00",
    "dateReserved": "2016-10-31T00:00:00",
    "dateUpdated": "2024-08-06T02:42:10.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2322 (GCVE-0-2017-2322)

Vulnerability from cvelistv5

Published

2017-04-24 18:00

Modified

2024-08-05 13:48

Severity ?

CWE

denial of service

Summary

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97613	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97613",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97613"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97613",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97613"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97613",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97613"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2322",
    "datePublished": "2017-04-24T18:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2329 (GCVE-0-2017-2329)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

insufficient authentication

Summary

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97614	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97614",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97614"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "insufficient authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97614",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97614"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2329",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "insufficient authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97614",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97614"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2329",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5477 (GCVE-0-2015-5477)

Vulnerability from cvelistv5

Published

2015-07-29 14:00

Modified

2024-08-06 06:50

Severity ?

CWE

n/a

Summary

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

References

URL

Tags

	http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html	x_refsource_MISC
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html	vendor-advisory, x_refsource_SUSE
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415	x_refsource_CONFIRM
	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-1513.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html	vendor-advisory, x_refsource_SUSE
	https://security.netapp.com/advisory/ntap-20160114-0001/	x_refsource_CONFIRM
	https://kb.isc.org/article/AA-01438	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html	vendor-advisory, x_refsource_FEDORA
	http://marc.info/?l=bugtraq&m=144017354030745&w=2	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=144294073801304&w=2	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2016-0079.html	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	x_refsource_CONFIRM
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-1514.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2693-1	vendor-advisory, x_refsource_UBUNTU
	https://support.apple.com/kb/HT205032	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1033100	vdb-entry, x_refsource_SECTRACK
	https://kb.isc.org/article/AA-01307	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/76092	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://marc.info/?l=bugtraq&m=144294073801304&w=2	vendor-advisory, x_refsource_HP
	https://www.exploit-db.com/exploits/37721/	exploit, x_refsource_EXPLOIT-DB
	http://rhn.redhat.com/errata/RHSA-2015-1515.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201510-01	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html	vendor-advisory, x_refsource_SUSE
	http://marc.info/?l=bugtraq&m=144181171013996&w=2	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=144017354030745&w=2	vendor-advisory, x_refsource_HP
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3319	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html	vendor-advisory, x_refsource_FEDORA
	http://marc.info/?l=bugtraq&m=144000632319155&w=2	vendor-advisory, x_refsource_HP
	http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html	vendor-advisory, x_refsource_FEDORA
	https://www.exploit-db.com/exploits/37723/	exploit, x_refsource_EXPLOIT-DB
	https://kb.isc.org/article/AA-01305	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-0078.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html	vendor-advisory, x_refsource_SUSE
	https://kb.isc.org/article/AA-01306	x_refsource_CONFIRM
	https://kc.mcafee.com/corporate/index?page=content&id=SB10126	x_refsource_CONFIRM
	https://kb.isc.org/article/AA-01272	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=144000632319155&w=2	vendor-advisory, x_refsource_HP

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:50:02.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "openSUSE-SU-2015:1326",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "RHSA-2015:1513",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1513.html"
          },
          {
            "name": "SUSE-SU-2015:1305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160114-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01438"
          },
          {
            "name": "FEDORA-2015-12316",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html"
          },
          {
            "name": "HPSBUX03410",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144017354030745\u0026w=2"
          },
          {
            "name": "SSRT102248",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144294073801304\u0026w=2"
          },
          {
            "name": "RHSA-2016:0079",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0079.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10718"
          },
          {
            "name": "RHSA-2015:1514",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1514.html"
          },
          {
            "name": "USN-2693-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2693-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205032"
          },
          {
            "name": "1033100",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033100"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01307"
          },
          {
            "name": "76092",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76092"
          },
          {
            "name": "SUSE-SU-2015:1316",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html"
          },
          {
            "name": "openSUSE-SU-2015:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html"
          },
          {
            "name": "HPSBUX03511",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144294073801304\u0026w=2"
          },
          {
            "name": "37721",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37721/"
          },
          {
            "name": "RHSA-2015:1515",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1515.html"
          },
          {
            "name": "SUSE-SU-2015:1322",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html"
          },
          {
            "name": "GLSA-201510-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-01"
          },
          {
            "name": "SUSE-SU-2015:1304",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html"
          },
          {
            "name": "HPSBOV03506",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144181171013996\u0026w=2"
          },
          {
            "name": "SSRT102175",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144017354030745\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"
          },
          {
            "name": "DSA-3319",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3319"
          },
          {
            "name": "FEDORA-2015-12357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html"
          },
          {
            "name": "HPSBUX03400",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144000632319155\u0026w=2"
          },
          {
            "name": "FEDORA-2015-12335",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html"
          },
          {
            "name": "37723",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37723/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01305"
          },
          {
            "name": "RHSA-2016:0078",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html"
          },
          {
            "name": "SUSE-SU-2016:0227",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01272"
          },
          {
            "name": "SSRT102211",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144000632319155\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-09T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "openSUSE-SU-2015:1326",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "RHSA-2015:1513",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1513.html"
        },
        {
          "name": "SUSE-SU-2015:1305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160114-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01438"
        },
        {
          "name": "FEDORA-2015-12316",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html"
        },
        {
          "name": "HPSBUX03410",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144017354030745\u0026w=2"
        },
        {
          "name": "SSRT102248",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144294073801304\u0026w=2"
        },
        {
          "name": "RHSA-2016:0079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0079.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10718"
        },
        {
          "name": "RHSA-2015:1514",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1514.html"
        },
        {
          "name": "USN-2693-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2693-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT205032"
        },
        {
          "name": "1033100",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033100"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01307"
        },
        {
          "name": "76092",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76092"
        },
        {
          "name": "SUSE-SU-2015:1316",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html"
        },
        {
          "name": "openSUSE-SU-2015:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html"
        },
        {
          "name": "HPSBUX03511",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144294073801304\u0026w=2"
        },
        {
          "name": "37721",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37721/"
        },
        {
          "name": "RHSA-2015:1515",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1515.html"
        },
        {
          "name": "SUSE-SU-2015:1322",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html"
        },
        {
          "name": "GLSA-201510-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-01"
        },
        {
          "name": "SUSE-SU-2015:1304",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html"
        },
        {
          "name": "HPSBOV03506",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144181171013996\u0026w=2"
        },
        {
          "name": "SSRT102175",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144017354030745\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"
        },
        {
          "name": "DSA-3319",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3319"
        },
        {
          "name": "FEDORA-2015-12357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html"
        },
        {
          "name": "HPSBUX03400",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144000632319155\u0026w=2"
        },
        {
          "name": "FEDORA-2015-12335",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html"
        },
        {
          "name": "37723",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37723/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01305"
        },
        {
          "name": "RHSA-2016:0078",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html"
        },
        {
          "name": "SUSE-SU-2016:0227",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01272"
        },
        {
          "name": "SSRT102211",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144000632319155\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5477",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "openSUSE-SU-2015:1326",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415"
            },
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "RHSA-2015:1513",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1513.html"
            },
            {
              "name": "SUSE-SU-2015:1305",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160114-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160114-0001/"
            },
            {
              "name": "https://kb.isc.org/article/AA-01438",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01438"
            },
            {
              "name": "FEDORA-2015-12316",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html"
            },
            {
              "name": "HPSBUX03410",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144017354030745\u0026w=2"
            },
            {
              "name": "SSRT102248",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144294073801304\u0026w=2"
            },
            {
              "name": "RHSA-2016:0079",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0079.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10718",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10718"
            },
            {
              "name": "RHSA-2015:1514",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1514.html"
            },
            {
              "name": "USN-2693-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2693-1"
            },
            {
              "name": "https://support.apple.com/kb/HT205032",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT205032"
            },
            {
              "name": "1033100",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033100"
            },
            {
              "name": "https://kb.isc.org/article/AA-01307",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01307"
            },
            {
              "name": "76092",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76092"
            },
            {
              "name": "SUSE-SU-2015:1316",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html"
            },
            {
              "name": "openSUSE-SU-2015:1335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html"
            },
            {
              "name": "HPSBUX03511",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144294073801304\u0026w=2"
            },
            {
              "name": "37721",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37721/"
            },
            {
              "name": "RHSA-2015:1515",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1515.html"
            },
            {
              "name": "SUSE-SU-2015:1322",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html"
            },
            {
              "name": "GLSA-201510-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-01"
            },
            {
              "name": "SUSE-SU-2015:1304",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html"
            },
            {
              "name": "HPSBOV03506",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144181171013996\u0026w=2"
            },
            {
              "name": "SSRT102175",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144017354030745\u0026w=2"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"
            },
            {
              "name": "DSA-3319",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3319"
            },
            {
              "name": "FEDORA-2015-12357",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html"
            },
            {
              "name": "HPSBUX03400",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144000632319155\u0026w=2"
            },
            {
              "name": "FEDORA-2015-12335",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html"
            },
            {
              "name": "37723",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37723/"
            },
            {
              "name": "https://kb.isc.org/article/AA-01305",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01305"
            },
            {
              "name": "RHSA-2016:0078",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html"
            },
            {
              "name": "SUSE-SU-2016:0227",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-01306",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01306"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10126",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10126"
            },
            {
              "name": "https://kb.isc.org/article/AA-01272",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01272"
            },
            {
              "name": "SSRT102211",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144000632319155\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5477",
    "datePublished": "2015-07-29T14:00:00",
    "dateReserved": "2015-07-10T00:00:00",
    "dateUpdated": "2024-08-06T06:50:02.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2313 (GCVE-0-2017-2313)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denial of service vulnerability

Summary

Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4; 16.2 prior to 16.2R1-S3, 16.2R2; Releases prior to Junos OS 15.1 are unaffected by this vulnerability. 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability.

References

URL

Tags

	https://kb.juniper.net/JSA10778	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038257	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/97606	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS with BGP enabled	Version: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6 Version: 15.1X49 prior to 15.1X49-D78, 15.1X49-D80 Version: 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70 Version: 16.1 prior to 16.1R3-S3, 16.1R4 Version: 16.2 prior to 16.2R1-S3, 16.2R2 Version: Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Version: 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10778"
          },
          {
            "name": "1038257",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038257"
          },
          {
            "name": "97606",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97606"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS with BGP enabled",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6"
            },
            {
              "status": "affected",
              "version": "15.1X49 prior to 15.1X49-D78, 15.1X49-D80"
            },
            {
              "status": "affected",
              "version": "15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70"
            },
            {
              "status": "affected",
              "version": "16.1 prior to 16.1R3-S3, 16.1R4"
            },
            {
              "status": "affected",
              "version": "16.2 prior to 16.2R1-S3, 16.2R2"
            },
            {
              "status": "affected",
              "version": "Releases prior to Junos OS 15.1 are unaffected by this vulnerability."
            },
            {
              "status": "affected",
              "version": "17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4; 16.2 prior to 16.2R1-S3, 16.2R2; Releases prior to Junos OS 15.1 are unaffected by this vulnerability. 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10778"
        },
        {
          "name": "1038257",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038257"
        },
        {
          "name": "97606",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97606"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2313",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS with BGP enabled",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6"
                          },
                          {
                            "version_value": "15.1X49 prior to 15.1X49-D78, 15.1X49-D80"
                          },
                          {
                            "version_value": "15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70"
                          },
                          {
                            "version_value": "16.1 prior to 16.1R3-S3, 16.1R4"
                          },
                          {
                            "version_value": "16.2 prior to 16.2R1-S3, 16.2R2"
                          },
                          {
                            "version_value": "Releases prior to Junos OS 15.1 are unaffected by this vulnerability."
                          },
                          {
                            "version_value": "17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4; 16.2 prior to 16.2R1-S3, 16.2R2; Releases prior to Junos OS 15.1 are unaffected by this vulnerability. 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10778",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10778"
            },
            {
              "name": "1038257",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038257"
            },
            {
              "name": "97606",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97606"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2313",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2324 (GCVE-0-2017-2324)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denial of service via remote command injection

Summary

A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97604	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97604",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97604"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service via remote command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97604",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97604"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2324",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service via remote command injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97604",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97604"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2324",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7429 (GCVE-0-2016-7429)

Vulnerability from cvelistv5

Published

2017-01-13 16:00

Modified

2024-08-06 01:57

Severity ?

CWE

n/a

Summary

NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.

References

URL

Tags

	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0252.html	vendor-advisory, x_refsource_REDHAT
	http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities	x_refsource_CONFIRM
	http://nwtime.org/ntp428p9_release/	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/633847	third-party-advisory, x_refsource_CERT-VN
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037354	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa139	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94453	vdb-entry, x_refsource_BID
	http://support.ntp.org/bin/view/Main/NtpBug3072	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:57:47.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
          },
          {
            "name": "RHSA-2017:0252",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nwtime.org/ntp428p9_release/"
          },
          {
            "name": "VU#633847",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/633847"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "1037354",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa139"
          },
          {
            "name": "94453",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3072"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
        },
        {
          "name": "RHSA-2017:0252",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nwtime.org/ntp428p9_release/"
        },
        {
          "name": "VU#633847",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/633847"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "1037354",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa139"
        },
        {
          "name": "94453",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3072"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7429",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
            },
            {
              "name": "RHSA-2017:0252",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
            },
            {
              "name": "http://nwtime.org/ntp428p9_release/",
              "refsource": "CONFIRM",
              "url": "http://nwtime.org/ntp428p9_release/"
            },
            {
              "name": "VU#633847",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/633847"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "1037354",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037354"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa139",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa139"
            },
            {
              "name": "94453",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94453"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3072",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3072"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7429",
    "datePublished": "2017-01-13T16:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T01:57:47.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7431 (GCVE-0-2016-7431)

Vulnerability from cvelistv5

Published

2017-01-13 16:00

Modified

2024-08-06 01:57

Severity ?

CWE

n/a

Summary

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.

References

URL

Tags

	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94454	vdb-entry, x_refsource_BID
	http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities	x_refsource_CONFIRM
	http://nwtime.org/ntp428p9_release/	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/633847	third-party-advisory, x_refsource_CERT-VN
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037354	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa139	x_refsource_CONFIRM
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc	vendor-advisory, x_refsource_FREEBSD
	http://support.ntp.org/bin/view/Main/NtpBug3102	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/540254/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html	vendor-advisory, x_refsource_SUSE
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03899en_us	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3349-1	vendor-advisory, x_refsource_UBUNTU
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03883en_us	x_refsource_CONFIRM
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en	x_refsource_CONFIRM
	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/539955/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html	x_refsource_MISC
	http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf	x_refsource_CONFIRM
	https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:57:47.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
          },
          {
            "name": "94454",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94454"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nwtime.org/ntp428p9_release/"
          },
          {
            "name": "VU#633847",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/633847"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "1037354",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa139"
          },
          {
            "name": "FreeBSD-SA-16:39",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3102"
          },
          {
            "name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
          },
          {
            "name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
          },
          {
            "name": "openSUSE-SU-2016:3280",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us"
          },
          {
            "name": "USN-3349-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3349-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/"
          },
          {
            "name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html"
          },
          {
            "name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero.  NOTE: this vulnerability exists because of a CVE-2015-8138 regression."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-12T16:41:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
        },
        {
          "name": "94454",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94454"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nwtime.org/ntp428p9_release/"
        },
        {
          "name": "VU#633847",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/633847"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "1037354",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa139"
        },
        {
          "name": "FreeBSD-SA-16:39",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3102"
        },
        {
          "name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
        },
        {
          "name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
        },
        {
          "name": "openSUSE-SU-2016:3280",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us"
        },
        {
          "name": "USN-3349-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3349-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/"
        },
        {
          "name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html"
        },
        {
          "name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7431",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero.  NOTE: this vulnerability exists because of a CVE-2015-8138 regression."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
            },
            {
              "name": "94454",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94454"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
            },
            {
              "name": "http://nwtime.org/ntp428p9_release/",
              "refsource": "CONFIRM",
              "url": "http://nwtime.org/ntp428p9_release/"
            },
            {
              "name": "VU#633847",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/633847"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "1037354",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037354"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa139",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa139"
            },
            {
              "name": "FreeBSD-SA-16:39",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3102",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3102"
            },
            {
              "name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
            },
            {
              "name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
            },
            {
              "name": "openSUSE-SU-2016:3280",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us"
            },
            {
              "name": "USN-3349-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3349-1"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
            },
            {
              "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/",
              "refsource": "CONFIRM",
              "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/"
            },
            {
              "name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html"
            },
            {
              "name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7431",
    "datePublished": "2017-01-13T16:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T01:57:47.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9310 (GCVE-0-2016-9310)

Vulnerability from cvelistv5

Published

2017-01-13 16:00

Modified

2024-08-06 02:50

Severity ?

CWE

n/a

Summary

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.

References

URL

Tags

	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us	x_refsource_CONFIRM
	http://support.ntp.org/bin/view/Main/NtpBug3118	x_refsource_CONFIRM
	https://usn.ubuntu.com/3707-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/94452	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2017-0252.html	vendor-advisory, x_refsource_REDHAT
	http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities	x_refsource_CONFIRM
	http://nwtime.org/ntp428p9_release/	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/633847	third-party-advisory, x_refsource_CERT-VN
	http://www.securitytracker.com/id/1037354	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa139	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us	x_refsource_CONFIRM
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc	vendor-advisory, x_refsource_FREEBSD

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:37.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
          },
          {
            "name": "USN-3707-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3707-2/"
          },
          {
            "name": "94452",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94452"
          },
          {
            "name": "RHSA-2017:0252",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nwtime.org/ntp428p9_release/"
          },
          {
            "name": "VU#633847",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/633847"
          },
          {
            "name": "1037354",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
          },
          {
            "name": "FreeBSD-SA-16:39",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-24T10:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
        },
        {
          "name": "USN-3707-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3707-2/"
        },
        {
          "name": "94452",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94452"
        },
        {
          "name": "RHSA-2017:0252",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nwtime.org/ntp428p9_release/"
        },
        {
          "name": "VU#633847",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/633847"
        },
        {
          "name": "1037354",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
        },
        {
          "name": "FreeBSD-SA-16:39",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9310",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3118",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
            },
            {
              "name": "USN-3707-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3707-2/"
            },
            {
              "name": "94452",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94452"
            },
            {
              "name": "RHSA-2017:0252",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
            },
            {
              "name": "http://nwtime.org/ntp428p9_release/",
              "refsource": "CONFIRM",
              "url": "http://nwtime.org/ntp428p9_release/"
            },
            {
              "name": "VU#633847",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/633847"
            },
            {
              "name": "1037354",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037354"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa139",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa139"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
            },
            {
              "name": "FreeBSD-SA-16:39",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9310",
    "datePublished": "2017-01-13T16:00:00",
    "dateReserved": "2016-11-14T00:00:00",
    "dateUpdated": "2024-08-06T02:50:37.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1886 (GCVE-0-2016-1886)

Vulnerability from cvelistv5

Published

2016-05-25 15:00

Modified

2024-08-05 23:10

Severity ?

CWE

n/a

Summary

Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."

References

URL

Tags

	http://www.securitytracker.com/id/1035905	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/90734	vdb-entry, x_refsource_BID
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc	vendor-advisory, x_refsource_FREEBSD
	https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch	x_refsource_CONFIRM
	http://cturt.github.io/SETFKEY.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:40.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035905",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035905"
          },
          {
            "name": "90734",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90734"
          },
          {
            "name": "FreeBSD-SA-16:18",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cturt.github.io/SETFKEY.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a \"two way heap and stack overflow.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-19T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035905",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035905"
        },
        {
          "name": "90734",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90734"
        },
        {
          "name": "FreeBSD-SA-16:18",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cturt.github.io/SETFKEY.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1886",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a \"two way heap and stack overflow.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035905",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035905"
            },
            {
              "name": "90734",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/90734"
            },
            {
              "name": "FreeBSD-SA-16:18",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc"
            },
            {
              "name": "https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch",
              "refsource": "CONFIRM",
              "url": "https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch"
            },
            {
              "name": "http://cturt.github.io/SETFKEY.html",
              "refsource": "MISC",
              "url": "http://cturt.github.io/SETFKEY.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1886",
    "datePublished": "2016-05-25T15:00:00",
    "dateReserved": "2016-01-13T00:00:00",
    "dateUpdated": "2024-08-05T23:10:40.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7973 (GCVE-0-2015-7973)

Vulnerability from cvelistv5

Published

2017-01-30 21:00

Modified

2024-08-06 08:06

Severity ?

CWE

n/a

Summary

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.

References

URL

Tags

	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd	vendor-advisory, x_refsource_CISCO
	http://www.ubuntu.com/usn/USN-3096-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://support.ntp.org/bin/view/Main/NtpBug2935	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034782	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://www.kb.cert.org/vuls/id/718152	third-party-advisory, x_refsource_CERT-VN
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20171031-0001/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/81963	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html	vendor-advisory, x_refsource_SUSE
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc	vendor-advisory, x_refsource_FREEBSD
	https://bto.bluecoat.com/security-advisory/sa113	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201607-15	vendor-advisory, x_refsource_GENTOO
	https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf	x_refsource_CONFIRM
	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
          },
          {
            "name": "USN-3096-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3096-1"
          },
          {
            "name": "SUSE-SU-2016:1177",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
          },
          {
            "name": "SUSE-SU-2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
          },
          {
            "name": "1034782",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034782"
          },
          {
            "name": "openSUSE-SU-2016:1292",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
          },
          {
            "name": "VU#718152",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/718152"
          },
          {
            "name": "SUSE-SU-2016:1247",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
          },
          {
            "name": "SUSE-SU-2016:1311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "81963",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81963"
          },
          {
            "name": "SUSE-SU-2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
          },
          {
            "name": "FreeBSD-SA-16:09",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa113"
          },
          {
            "name": "openSUSE-SU-2016:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-15T20:40:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
        },
        {
          "name": "USN-3096-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3096-1"
        },
        {
          "name": "SUSE-SU-2016:1177",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
        },
        {
          "name": "SUSE-SU-2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
        },
        {
          "name": "1034782",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034782"
        },
        {
          "name": "openSUSE-SU-2016:1292",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
        },
        {
          "name": "VU#718152",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/718152"
        },
        {
          "name": "SUSE-SU-2016:1247",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
        },
        {
          "name": "SUSE-SU-2016:1311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
        },
        {
          "name": "81963",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81963"
        },
        {
          "name": "SUSE-SU-2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
        },
        {
          "name": "FreeBSD-SA-16:09",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa113"
        },
        {
          "name": "openSUSE-SU-2016:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7973",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
            },
            {
              "name": "USN-3096-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "SUSE-SU-2016:1177",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug2935",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
            },
            {
              "name": "1034782",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034782"
            },
            {
              "name": "openSUSE-SU-2016:1292",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "VU#718152",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "SUSE-SU-2016:1247",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
            },
            {
              "name": "SUSE-SU-2016:1311",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "81963",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81963"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "FreeBSD-SA-16:09",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa113",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "openSUSE-SU-2016:1423",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7973",
    "datePublished": "2017-01-30T21:00:00",
    "dateReserved": "2015-10-23T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1349 (GCVE-0-2015-1349)

Vulnerability from cvelistv5

Published

2015-02-19 02:00

Modified

2024-08-06 04:40

Severity ?

CWE

n/a

Summary

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html	vendor-advisory, x_refsource_SUSE
	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://advisories.mageia.org/MGASA-2015-0082.html	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:165	vendor-advisory, x_refsource_MANDRIVA
	https://kb.isc.org/article/AA-01235	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:054	vendor-advisory, x_refsource_MANDRIVA
	https://kc.mcafee.com/corporate/index?page=content&id=SB10116	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/201510-01	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=143740940810833&w=2	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=143740940810833&w=2	vendor-advisory, x_refsource_HP
	http://www.ubuntu.com/usn/USN-2503-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html	vendor-advisory, x_refsource_FEDORA
	http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html	vendor-advisory, x_refsource_APPLE
	https://support.apple.com/HT205219	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-0672.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1193820	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:40:18.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2015:1326",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0082.html"
          },
          {
            "name": "MDVSA-2015:165",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:165"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01235"
          },
          {
            "name": "SUSE-SU-2015:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2015:1250",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
          },
          {
            "name": "MDVSA-2015:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:054"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10116"
          },
          {
            "name": "FEDORA-2015-2543",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html"
          },
          {
            "name": "GLSA-201510-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-01"
          },
          {
            "name": "HPSBUX03379",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
          },
          {
            "name": "SSRT101976",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
          },
          {
            "name": "USN-2503-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2503-1"
          },
          {
            "name": "FEDORA-2015-2548",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html"
          },
          {
            "name": "APPLE-SA-2015-09-16-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205219"
          },
          {
            "name": "RHSA-2015:0672",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0672.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193820"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-23T01:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2015:1326",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0082.html"
        },
        {
          "name": "MDVSA-2015:165",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:165"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01235"
        },
        {
          "name": "SUSE-SU-2015:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2015:1250",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
        },
        {
          "name": "MDVSA-2015:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:054"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10116"
        },
        {
          "name": "FEDORA-2015-2543",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html"
        },
        {
          "name": "GLSA-201510-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-01"
        },
        {
          "name": "HPSBUX03379",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
        },
        {
          "name": "SSRT101976",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
        },
        {
          "name": "USN-2503-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2503-1"
        },
        {
          "name": "FEDORA-2015-2548",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html"
        },
        {
          "name": "APPLE-SA-2015-09-16-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205219"
        },
        {
          "name": "RHSA-2015:0672",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0672.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193820"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2015:1326",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
            },
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0082.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2015-0082.html"
            },
            {
              "name": "MDVSA-2015:165",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:165"
            },
            {
              "name": "https://kb.isc.org/article/AA-01235",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01235"
            },
            {
              "name": "SUSE-SU-2015:1205",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html"
            },
            {
              "name": "openSUSE-SU-2015:1250",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
            },
            {
              "name": "MDVSA-2015:054",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:054"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10116",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10116"
            },
            {
              "name": "FEDORA-2015-2543",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html"
            },
            {
              "name": "GLSA-201510-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-01"
            },
            {
              "name": "HPSBUX03379",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
            },
            {
              "name": "SSRT101976",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
            },
            {
              "name": "USN-2503-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2503-1"
            },
            {
              "name": "FEDORA-2015-2548",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html"
            },
            {
              "name": "APPLE-SA-2015-09-16-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
            },
            {
              "name": "https://support.apple.com/HT205219",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205219"
            },
            {
              "name": "RHSA-2015:0672",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0672.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1193820",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193820"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1349",
    "datePublished": "2015-02-19T02:00:00",
    "dateReserved": "2015-01-23T00:00:00",
    "dateUpdated": "2024-08-06T04:40:18.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2327 (GCVE-0-2017-2327)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denial of service

Summary

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97609	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97609",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97609"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97609",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97609"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97609",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97609"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2327",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2340 (GCVE-0-2017-2340)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denial of service vulnerability

Summary

On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash.

References

URL

Tags

	https://kb.juniper.net/JSA10786	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038254	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/97607	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured	Version: 15.1 releases from 15.1R3 to 15.1R4 Version: 16.1 prior to 16.1R3 Version: 16.2R1 and all subsequent releases have a resolution for this vulnerability Version: All releases prior to 15.1R3 are not affected.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10786"
          },
          {
            "name": "1038254",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038254"
          },
          {
            "name": "97607",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97607"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "15.1 releases from 15.1R3 to 15.1R4"
            },
            {
              "status": "affected",
              "version": "16.1 prior to 16.1R3"
            },
            {
              "status": "affected",
              "version": "16.2R1 and all subsequent releases have a resolution for this vulnerability"
            },
            {
              "status": "affected",
              "version": "All releases prior to 15.1R3 are not affected."
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10786"
        },
        {
          "name": "1038254",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038254"
        },
        {
          "name": "97607",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97607"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "15.1 releases from 15.1R3 to 15.1R4"
                          },
                          {
                            "version_value": "16.1 prior to 16.1R3"
                          },
                          {
                            "version_value": "16.2R1 and all subsequent releases have a resolution for this vulnerability"
                          },
                          {
                            "version_value": "All releases prior to 15.1R3 are not affected."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10786",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10786"
            },
            {
              "name": "1038254",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038254"
            },
            {
              "name": "97607",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97607"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2340",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2808 (GCVE-0-2015-2808)

Vulnerability from cvelistv5

Published

2015-04-01 00:00

Modified

2024-08-06 05:24

Severity ?

CWE

n/a

Summary

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

References

URL

Tags

	http://marc.info/?l=bugtraq&m=143818140118771&w=2	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1243.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1007.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=143817899717054&w=2	vendor-advisory
	http://marc.info/?l=bugtraq&m=144493176821532&w=2	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
	http://rhn.redhat.com/errata/RHSA-2015-1006.html	vendor-advisory
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256
	https://kb.juniper.net/JSA10783
	http://www.securitytracker.com/id/1033737	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=144060576831314&w=2	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://www.securitytracker.com/id/1036222	vdb-entry
	http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
	http://marc.info/?l=bugtraq&m=143817899717054&w=2	vendor-advisory
	http://www-304.ibm.com/support/docview.wss?uid=swg21960769
	https://security.gentoo.org/glsa/201512-10	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1229.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650
	http://www.securitytracker.com/id/1032600	vdb-entry
	http://www.securitytracker.com/id/1032910	vdb-entry
	http://www.ubuntu.com/usn/USN-2706-1	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1526.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=143817021313142&w=2	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	http://www.securitytracker.com/id/1032599	vdb-entry
	http://marc.info/?l=bugtraq&m=144104533800819&w=2	vendor-advisory
	http://www-304.ibm.com/support/docview.wss?uid=swg21903565
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380
	https://kc.mcafee.com/corporate/index?page=content&id=SB10163
	http://marc.info/?l=bugtraq&m=144043644216842&w=2	vendor-advisory
	http://www.securitytracker.com/id/1032734	vdb-entry
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
	http://www.securitytracker.com/id/1033769	vdb-entry
	http://www.securitytracker.com/id/1032707	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=143817021313142&w=2	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1091.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=144069189622016&w=2	vendor-advisory
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1228.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=144060606031437&w=2	vendor-advisory
	http://www.securitytracker.com/id/1032708	vdb-entry
	http://www.huawei.com/en/psirt/security-advisories/hw-454055
	http://www.debian.org/security/2015/dsa-3316	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.securitytracker.com/id/1033415	vdb-entry
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
	http://marc.info/?l=bugtraq&m=143818140118771&w=2	vendor-advisory
	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709
	http://marc.info/?l=bugtraq&m=144104565600964&w=2	vendor-advisory
	http://marc.info/?l=bugtraq&m=144493176821532&w=2	vendor-advisory
	http://www-01.ibm.com/support/docview.wss?uid=swg21883640
	http://marc.info/?l=bugtraq&m=144102017024820&w=2	vendor-advisory
	http://www.securitytracker.com/id/1033432	vdb-entry
	http://marc.info/?l=bugtraq&m=143629696317098&w=2	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html	vendor-advisory
	http://www.securitytracker.com/id/1032858	vdb-entry
	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922	vendor-advisory
	http://www.securitytracker.com/id/1032788	vdb-entry
	http://www.ubuntu.com/usn/USN-2696-1	vendor-advisory
	https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
	http://www.debian.org/security/2015/dsa-3339	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1020.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1242.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html	vendor-advisory
	http://www.securitytracker.com/id/1033431	vdb-entry
	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
	http://www.securitytracker.com/id/1032868	vdb-entry
	http://marc.info/?l=bugtraq&m=144059703728085&w=2	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2015-1241.html	vendor-advisory
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
	http://rhn.redhat.com/errata/RHSA-2015-1230.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
	http://marc.info/?l=bugtraq&m=143456209711959&w=2	vendor-advisory
	http://www.securitytracker.com/id/1033386	vdb-entry
	http://marc.info/?l=bugtraq&m=143741441012338&w=2	vendor-advisory
	http://www.securitytracker.com/id/1033072	vdb-entry
	http://marc.info/?l=bugtraq&m=143741441012338&w=2	vendor-advisory
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html	vendor-advisory
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
	http://rhn.redhat.com/errata/RHSA-2015-1021.html	vendor-advisory
	http://www-304.ibm.com/support/docview.wss?uid=swg21960015
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=144059660127919&w=2	vendor-advisory
	http://www.securityfocus.com/bid/73684	vdb-entry
	http://www.securitytracker.com/id/1032990	vdb-entry
	http://www.securitytracker.com/id/1033071	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html	vendor-advisory
	https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT102127",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
          },
          {
            "name": "RHSA-2015:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
          },
          {
            "name": "RHSA-2015:1007",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
          },
          {
            "name": "HPSBGN03367",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
          },
          {
            "name": "HPSBUX03512",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "RHSA-2015:1006",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "1033737",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033737"
          },
          {
            "name": "SUSE-SU-2015:2192",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
          },
          {
            "name": "HPSBGN03399",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "1036222",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036222"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
          },
          {
            "name": "SSRT102129",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
          },
          {
            "name": "GLSA-201512-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-10"
          },
          {
            "name": "RHSA-2015:1229",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650"
          },
          {
            "name": "1032600",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032600"
          },
          {
            "name": "1032910",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032910"
          },
          {
            "name": "USN-2706-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2706-1"
          },
          {
            "name": "RHSA-2015:1526",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
          },
          {
            "name": "SSRT102133",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "1032599",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032599"
          },
          {
            "name": "HPSBMU03401",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21903565"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
          },
          {
            "name": "HPSBMU03345",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
          },
          {
            "name": "1032734",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032734"
          },
          {
            "name": "IV71892",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347"
          },
          {
            "name": "1033769",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033769"
          },
          {
            "name": "1032707",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032707"
          },
          {
            "name": "openSUSE-SU-2015:1289",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
          },
          {
            "name": "HPSBGN03372",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
          },
          {
            "name": "RHSA-2015:1091",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
          },
          {
            "name": "HPSBGN03402",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
          },
          {
            "name": "IV71888",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888"
          },
          {
            "name": "RHSA-2015:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
          },
          {
            "name": "HPSBGN03405",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
          },
          {
            "name": "1032708",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032708"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/hw-454055"
          },
          {
            "name": "DSA-3316",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3316"
          },
          {
            "name": "SUSE-SU-2015:2166",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "1033415",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033415"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
          },
          {
            "name": "HPSBGN03366",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709"
          },
          {
            "name": "HPSBGN03403",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2"
          },
          {
            "name": "SSRT102254",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
          },
          {
            "name": "HPSBGN03407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
          },
          {
            "name": "1033432",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033432"
          },
          {
            "name": "HPSBGN03354",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2"
          },
          {
            "name": "SUSE-SU-2015:1138",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
          },
          {
            "name": "1032858",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032858"
          },
          {
            "name": "SSRT102073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922"
          },
          {
            "name": "1032788",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032788"
          },
          {
            "name": "USN-2696-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2696-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
          },
          {
            "name": "DSA-3339",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3339"
          },
          {
            "name": "RHSA-2015:1020",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
          },
          {
            "name": "RHSA-2015:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
          },
          {
            "name": "SUSE-SU-2015:1086",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
          },
          {
            "name": "1033431",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033431"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
          },
          {
            "name": "1032868",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032868"
          },
          {
            "name": "HPSBGN03415",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2015:1319",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
          },
          {
            "name": "SUSE-SU-2015:1320",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
          },
          {
            "name": "openSUSE-SU-2015:1288",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
          },
          {
            "name": "RHSA-2015:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "RHSA-2015:1230",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
          },
          {
            "name": "HPSBGN03338",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2"
          },
          {
            "name": "1033386",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033386"
          },
          {
            "name": "HPSBMU03377",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
          },
          {
            "name": "1033072",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033072"
          },
          {
            "name": "SSRT102150",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
          },
          {
            "name": "SUSE-SU-2015:1085",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
          },
          {
            "name": "RHSA-2015:1021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960015"
          },
          {
            "name": "SUSE-SU-2015:1073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
          },
          {
            "name": "SUSE-SU-2015:1161",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
          },
          {
            "name": "HPSBGN03414",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2"
          },
          {
            "name": "73684",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73684"
          },
          {
            "name": "1032990",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032990"
          },
          {
            "name": "1033071",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033071"
          },
          {
            "name": "SUSE-SU-2016:0113",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T16:46:59.848306",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SSRT102127",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
        },
        {
          "name": "RHSA-2015:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
        },
        {
          "name": "RHSA-2015:1007",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
        },
        {
          "name": "HPSBGN03367",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
        },
        {
          "name": "HPSBUX03512",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "RHSA-2015:1006",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256"
        },
        {
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "1033737",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033737"
        },
        {
          "name": "SUSE-SU-2015:2192",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
        },
        {
          "name": "HPSBGN03399",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "1036222",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036222"
        },
        {
          "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"
        },
        {
          "name": "SSRT102129",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769"
        },
        {
          "name": "GLSA-201512-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201512-10"
        },
        {
          "name": "RHSA-2015:1229",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650"
        },
        {
          "name": "1032600",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032600"
        },
        {
          "name": "1032910",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032910"
        },
        {
          "name": "USN-2706-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2706-1"
        },
        {
          "name": "RHSA-2015:1526",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
        },
        {
          "name": "SSRT102133",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "1032599",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032599"
        },
        {
          "name": "HPSBMU03401",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21903565"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
        },
        {
          "name": "HPSBMU03345",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
        },
        {
          "name": "1032734",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032734"
        },
        {
          "name": "IV71892",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347"
        },
        {
          "name": "1033769",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033769"
        },
        {
          "name": "1032707",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032707"
        },
        {
          "name": "openSUSE-SU-2015:1289",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
        },
        {
          "name": "HPSBGN03372",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2"
        },
        {
          "name": "RHSA-2015:1091",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
        },
        {
          "name": "HPSBGN03402",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
        },
        {
          "name": "IV71888",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888"
        },
        {
          "name": "RHSA-2015:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
        },
        {
          "name": "HPSBGN03405",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
        },
        {
          "name": "1032708",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032708"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/hw-454055"
        },
        {
          "name": "DSA-3316",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3316"
        },
        {
          "name": "SUSE-SU-2015:2166",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "1033415",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033415"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
        },
        {
          "name": "HPSBGN03366",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2"
        },
        {
          "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709"
        },
        {
          "name": "HPSBGN03403",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2"
        },
        {
          "name": "SSRT102254",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
        },
        {
          "name": "HPSBGN03407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
        },
        {
          "name": "1033432",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033432"
        },
        {
          "name": "HPSBGN03354",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2"
        },
        {
          "name": "SUSE-SU-2015:1138",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
        },
        {
          "name": "1032858",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032858"
        },
        {
          "name": "SSRT102073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922"
        },
        {
          "name": "1032788",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032788"
        },
        {
          "name": "USN-2696-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2696-1"
        },
        {
          "url": "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
        },
        {
          "name": "DSA-3339",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3339"
        },
        {
          "name": "RHSA-2015:1020",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
        },
        {
          "name": "RHSA-2015:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
        },
        {
          "name": "SUSE-SU-2015:1086",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
        },
        {
          "name": "1033431",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033431"
        },
        {
          "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988"
        },
        {
          "name": "1032868",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032868"
        },
        {
          "name": "HPSBGN03415",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2015:1319",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
        },
        {
          "name": "SUSE-SU-2015:1320",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
        },
        {
          "name": "openSUSE-SU-2015:1288",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
        },
        {
          "name": "RHSA-2015:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "name": "RHSA-2015:1230",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
        },
        {
          "name": "HPSBGN03338",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2"
        },
        {
          "name": "1033386",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033386"
        },
        {
          "name": "HPSBMU03377",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
        },
        {
          "name": "1033072",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033072"
        },
        {
          "name": "SSRT102150",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
        },
        {
          "name": "SUSE-SU-2015:1085",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
        },
        {
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
        },
        {
          "name": "RHSA-2015:1021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
        },
        {
          "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960015"
        },
        {
          "name": "SUSE-SU-2015:1073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
        },
        {
          "name": "SUSE-SU-2015:1161",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
        },
        {
          "name": "HPSBGN03414",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2"
        },
        {
          "name": "73684",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/73684"
        },
        {
          "name": "1032990",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032990"
        },
        {
          "name": "1033071",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1033071"
        },
        {
          "name": "SUSE-SU-2016:0113",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
        },
        {
          "url": "https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2808",
    "datePublished": "2015-04-01T00:00:00",
    "dateReserved": "2015-03-31T00:00:00",
    "dateUpdated": "2024-08-06T05:24:38.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3456 (GCVE-0-2015-3456)

Vulnerability from cvelistv5

Published

2015-05-13 18:00

Modified

2024-08-06 05:47

Severity ?

CWE

n/a

Summary

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

References

URL

Tags

	https://www.exploit-db.com/exploits/37053/	exploit, x_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id/1032306	vdb-entry, x_refsource_SECTRACK
	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html	vendor-advisory, x_refsource_SUSE
	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3259	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201612-27	vendor-advisory, x_refsource_GENTOO
	http://rhn.redhat.com/errata/RHSA-2015-0999.html	vendor-advisory, x_refsource_REDHAT
	https://kc.mcafee.com/corporate/index?page=content&id=SB10118	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2015-1001.html	vendor-advisory, x_refsource_REDHAT
	http://marc.info/?l=bugtraq&m=143229451215900&w=2	vendor-advisory, x_refsource_HP
	http://support.citrix.com/article/CTX201078	x_refsource_CONFIRM
	http://xenbits.xen.org/xsa/advisory-133.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-1003.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1032917	vdb-entry, x_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=143387998230996&w=2	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2015-0998.html	vendor-advisory, x_refsource_REDHAT
	https://www.suse.com/security/cve/CVE-2015-3456.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html	vendor-advisory, x_refsource_FEDORA
	https://bto.bluecoat.com/security-advisory/sa95	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-1004.html	vendor-advisory, x_refsource_REDHAT
	http://venom.crowdstrike.com/	x_refsource_MISC
	http://rhn.redhat.com/errata/RHSA-2015-1011.html	vendor-advisory, x_refsource_REDHAT
	https://support.lenovo.com/us/en/product_security/venom	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201604-03	vendor-advisory, x_refsource_GENTOO
	http://rhn.redhat.com/errata/RHSA-2015-1002.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2608-1	vendor-advisory, x_refsource_UBUNTU
	https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032311	vdb-entry, x_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=143229451215900&w=2	vendor-advisory, x_refsource_HP
	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3262	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/201602-01	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/74640	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2015/dsa-3274	vendor-advisory, x_refsource_DEBIAN
	http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability	x_refsource_CONFIRM
	https://access.redhat.com/articles/1444903	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-1000.html	vendor-advisory, x_refsource_REDHAT
	https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37053",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37053/"
          },
          {
            "name": "1032306",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "SUSE-SU-2015:0889",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "DSA-3259",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3259"
          },
          {
            "name": "SUSE-SU-2015:0929",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
          },
          {
            "name": "SUSE-SU-2015:0896",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
          },
          {
            "name": "GLSA-201612-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-27"
          },
          {
            "name": "RHSA-2015:0999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
          },
          {
            "name": "SUSE-SU-2015:0923",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
          },
          {
            "name": "RHSA-2015:1001",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
          },
          {
            "name": "HPSBMU03336",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX201078"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-133.html"
          },
          {
            "name": "RHSA-2015:1003",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
          },
          {
            "name": "openSUSE-SU-2015:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
          },
          {
            "name": "1032917",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032917"
          },
          {
            "name": "HPSBMU03349",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
          },
          {
            "name": "RHSA-2015:0998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
          },
          {
            "name": "openSUSE-SU-2015:0894",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
          },
          {
            "name": "FEDORA-2015-8249",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa95"
          },
          {
            "name": "RHSA-2015:1004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://venom.crowdstrike.com/"
          },
          {
            "name": "RHSA-2015:1011",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/venom"
          },
          {
            "name": "SUSE-SU-2015:0927",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c"
          },
          {
            "name": "GLSA-201604-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201604-03"
          },
          {
            "name": "RHSA-2015:1002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
          },
          {
            "name": "USN-2608-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2608-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
          },
          {
            "name": "openSUSE-SU-2015:0983",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
          },
          {
            "name": "1032311",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032311"
          },
          {
            "name": "SSRT102076",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
          },
          {
            "name": "DSA-3262",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3262"
          },
          {
            "name": "GLSA-201602-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201602-01"
          },
          {
            "name": "openSUSE-SU-2015:1400",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
          },
          {
            "name": "74640",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74640"
          },
          {
            "name": "DSA-3274",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3274"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1444903"
          },
          {
            "name": "RHSA-2015:1000",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-05T16:32:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37053",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37053/"
        },
        {
          "name": "1032306",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "SUSE-SU-2015:0889",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "DSA-3259",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3259"
        },
        {
          "name": "SUSE-SU-2015:0929",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
        },
        {
          "name": "SUSE-SU-2015:0896",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
        },
        {
          "name": "GLSA-201612-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-27"
        },
        {
          "name": "RHSA-2015:0999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
        },
        {
          "name": "SUSE-SU-2015:0923",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
        },
        {
          "name": "RHSA-2015:1001",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
        },
        {
          "name": "HPSBMU03336",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX201078"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-133.html"
        },
        {
          "name": "RHSA-2015:1003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
        },
        {
          "name": "openSUSE-SU-2015:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
        },
        {
          "name": "1032917",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032917"
        },
        {
          "name": "HPSBMU03349",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
        },
        {
          "name": "RHSA-2015:0998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
        },
        {
          "name": "openSUSE-SU-2015:0894",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
        },
        {
          "name": "FEDORA-2015-8249",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa95"
        },
        {
          "name": "RHSA-2015:1004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://venom.crowdstrike.com/"
        },
        {
          "name": "RHSA-2015:1011",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/venom"
        },
        {
          "name": "SUSE-SU-2015:0927",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c"
        },
        {
          "name": "GLSA-201604-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201604-03"
        },
        {
          "name": "RHSA-2015:1002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
        },
        {
          "name": "USN-2608-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2608-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
        },
        {
          "name": "openSUSE-SU-2015:0983",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
        },
        {
          "name": "1032311",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032311"
        },
        {
          "name": "SSRT102076",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
        },
        {
          "name": "DSA-3262",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3262"
        },
        {
          "name": "GLSA-201602-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201602-01"
        },
        {
          "name": "openSUSE-SU-2015:1400",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
        },
        {
          "name": "74640",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74640"
        },
        {
          "name": "DSA-3274",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3274"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/articles/1444903"
        },
        {
          "name": "RHSA-2015:1000",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3456",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37053",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37053/"
            },
            {
              "name": "1032306",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032306"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "SUSE-SU-2015:0889",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
            },
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "DSA-3259",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3259"
            },
            {
              "name": "SUSE-SU-2015:0929",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
            },
            {
              "name": "SUSE-SU-2015:0896",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
            },
            {
              "name": "GLSA-201612-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-27"
            },
            {
              "name": "RHSA-2015:0999",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
            },
            {
              "name": "SUSE-SU-2015:0923",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
            },
            {
              "name": "RHSA-2015:1001",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
            },
            {
              "name": "HPSBMU03336",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
            },
            {
              "name": "http://support.citrix.com/article/CTX201078",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX201078"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-133.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-133.html"
            },
            {
              "name": "RHSA-2015:1003",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
            },
            {
              "name": "openSUSE-SU-2015:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
            },
            {
              "name": "1032917",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032917"
            },
            {
              "name": "HPSBMU03349",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
            },
            {
              "name": "RHSA-2015:0998",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
            },
            {
              "name": "https://www.suse.com/security/cve/CVE-2015-3456.html",
              "refsource": "CONFIRM",
              "url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
            },
            {
              "name": "openSUSE-SU-2015:0894",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
            },
            {
              "name": "FEDORA-2015-8249",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa95",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa95"
            },
            {
              "name": "RHSA-2015:1004",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
            },
            {
              "name": "http://venom.crowdstrike.com/",
              "refsource": "MISC",
              "url": "http://venom.crowdstrike.com/"
            },
            {
              "name": "RHSA-2015:1011",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
            },
            {
              "name": "https://support.lenovo.com/us/en/product_security/venom",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/product_security/venom"
            },
            {
              "name": "SUSE-SU-2015:0927",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
            },
            {
              "name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c",
              "refsource": "CONFIRM",
              "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c"
            },
            {
              "name": "GLSA-201604-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201604-03"
            },
            {
              "name": "RHSA-2015:1002",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
            },
            {
              "name": "USN-2608-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2608-1"
            },
            {
              "name": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/",
              "refsource": "CONFIRM",
              "url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
            },
            {
              "name": "openSUSE-SU-2015:0983",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
            },
            {
              "name": "1032311",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032311"
            },
            {
              "name": "SSRT102076",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
            },
            {
              "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm",
              "refsource": "CONFIRM",
              "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
            },
            {
              "name": "DSA-3262",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3262"
            },
            {
              "name": "GLSA-201602-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201602-01"
            },
            {
              "name": "openSUSE-SU-2015:1400",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
            },
            {
              "name": "74640",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74640"
            },
            {
              "name": "DSA-3274",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3274"
            },
            {
              "name": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
            },
            {
              "name": "https://access.redhat.com/articles/1444903",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/articles/1444903"
            },
            {
              "name": "RHSA-2015:1000",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
            },
            {
              "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10",
              "refsource": "MISC",
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3456",
    "datePublished": "2015-05-13T18:00:00",
    "dateReserved": "2015-04-29T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8158 (GCVE-0-2015-8158)

Vulnerability from cvelistv5

Published

2017-01-30 21:00

Modified

2024-08-06 08:13

Severity ?

CWE

n/a

Summary

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.

References

URL

Tags

	http://www.debian.org/security/2016/dsa-3629	vendor-advisory, x_refsource_DEBIAN
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034782	vdb-entry, x_refsource_SECTRACK
	https://www.kb.cert.org/vuls/id/718152	third-party-advisory, x_refsource_CERT-VN
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2583.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/81814	vdb-entry, x_refsource_BID
	https://security.netapp.com/advisory/ntap-20171031-0001/	x_refsource_CONFIRM
	http://support.ntp.org/bin/view/Main/NtpBug2948	x_refsource_CONFIRM
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc	vendor-advisory, x_refsource_FREEBSD
	https://security.gentoo.org/glsa/201607-15	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:32.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3629",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
          },
          {
            "name": "1034782",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034782"
          },
          {
            "name": "VU#718152",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/718152"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
          },
          {
            "name": "RHSA-2016:2583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
          },
          {
            "name": "81814",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81814"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2948"
          },
          {
            "name": "FreeBSD-SA-16:09",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3629",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
        },
        {
          "name": "1034782",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034782"
        },
        {
          "name": "VU#718152",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/718152"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
        },
        {
          "name": "RHSA-2016:2583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
        },
        {
          "name": "81814",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81814"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug2948"
        },
        {
          "name": "FreeBSD-SA-16:09",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3629",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3629"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
            },
            {
              "name": "1034782",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034782"
            },
            {
              "name": "VU#718152",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
            },
            {
              "name": "RHSA-2016:2583",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
            },
            {
              "name": "81814",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81814"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug2948",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2948"
            },
            {
              "name": "FreeBSD-SA-16:09",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8158",
    "datePublished": "2017-01-30T21:00:00",
    "dateReserved": "2015-11-13T00:00:00",
    "dateUpdated": "2024-08-06T08:13:32.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2332 (GCVE-0-2017-2332)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

insufficient authentication

Summary

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97624	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97624",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97624"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "insufficient authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97624",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97624"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2332",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "insufficient authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97624",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97624"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2332",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2776 (GCVE-0-2016-2776)

Vulnerability from cvelistv5

Published

2016-09-28 10:00

Modified

2024-08-05 23:32

Severity ?

CWE

n/a

Summary

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

References

URL

Tags

	http://www.securityfocus.com/bid/93188	vdb-entry, x_refsource_BID
	https://kb.isc.org/article/AA-01438	x_refsource_CONFIRM
	https://kb.isc.org/article/AA-01419/0	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1944.html	vendor-advisory, x_refsource_REDHAT
	https://www.exploit-db.com/exploits/40453/	exploit, x_refsource_EXPLOIT-DB
	https://security.gentoo.org/glsa/201610-07	vendor-advisory, x_refsource_GENTOO
	https://kb.isc.org/article/AA-01435	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2099.html	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20160930-0001/	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1036903	vdb-entry, x_refsource_SECTRACK
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	x_refsource_CONFIRM
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc	vendor-advisory, x_refsource_FREEBSD
	http://rhn.redhat.com/errata/RHSA-2016-1945.html	vendor-advisory, x_refsource_REDHAT
	https://kb.isc.org/article/AA-01436	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:32:20.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93188",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93188"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01419/0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "RHSA-2016:1944",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1944.html"
          },
          {
            "name": "40453",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40453/"
          },
          {
            "name": "GLSA-201610-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01435"
          },
          {
            "name": "RHSA-2016:2099",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2099.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160930-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
          },
          {
            "name": "1036903",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036903"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "FreeBSD-SA-16:28",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc"
          },
          {
            "name": "RHSA-2016:1945",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1945.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01436"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "93188",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93188"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01419/0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "RHSA-2016:1944",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1944.html"
        },
        {
          "name": "40453",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40453/"
        },
        {
          "name": "GLSA-201610-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01435"
        },
        {
          "name": "RHSA-2016:2099",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2099.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160930-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
        },
        {
          "name": "1036903",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036903"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "FreeBSD-SA-16:28",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc"
        },
        {
          "name": "RHSA-2016:1945",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1945.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01436"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2776",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93188",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93188"
            },
            {
              "name": "https://kb.isc.org/article/AA-01438",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01438"
            },
            {
              "name": "https://kb.isc.org/article/AA-01419/0",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01419/0"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "RHSA-2016:1944",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1944.html"
            },
            {
              "name": "40453",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40453/"
            },
            {
              "name": "GLSA-201610-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201610-07"
            },
            {
              "name": "https://kb.isc.org/article/AA-01435",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01435"
            },
            {
              "name": "RHSA-2016:2099",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2099.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160930-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160930-0001/"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
            },
            {
              "name": "1036903",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036903"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "FreeBSD-SA-16:28",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc"
            },
            {
              "name": "RHSA-2016:1945",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1945.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-01436",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01436"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2776",
    "datePublished": "2016-09-28T10:00:00",
    "dateReserved": "2016-02-26T00:00:00",
    "dateUpdated": "2024-08-05T23:32:20.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2319 (GCVE-0-2017-2319)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

vulnerability that may compromise the system's confidentiality or integrity or denial of service

Summary

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97659	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97659"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "vulnerability that may compromise the system\u0027s confidentiality or integrity or denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97659"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2319",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "vulnerability that may compromise the system\u0027s confidentiality or integrity or denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97659",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97659"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2319",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4620 (GCVE-0-2015-4620)

Vulnerability from cvelistv5

Published

2015-07-08 14:00

Modified

2024-08-06 06:18

Severity ?

CWE

n/a

Summary

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

References

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162286.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html	vendor-advisory, x_refsource_SUSE
	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	https://kb.isc.org/article/AA-01438	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032799	vdb-entry, x_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-2669-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2015-1471.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2015-1443.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2015/dsa-3304	vendor-advisory, x_refsource_DEBIAN
	https://kb.isc.org/article/AA-01307	x_refsource_CONFIRM
	https://kc.mcafee.com/corporate/index?page=content&id=SB10124	x_refsource_CONFIRM
	https://kb.isc.org/article/AA-01267	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/75588	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201510-01	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=143740940810833&w=2	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=143740940810833&w=2	vendor-advisory, x_refsource_HP
	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162040.html	vendor-advisory, x_refsource_FEDORA
	https://kb.isc.org/article/AA-01305	x_refsource_CONFIRM
	https://kb.isc.org/article/AA-01306	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20190903-0003/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2015-11484",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162286.html"
          },
          {
            "name": "openSUSE-SU-2015:1326",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01438"
          },
          {
            "name": "1032799",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032799"
          },
          {
            "name": "USN-2669-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2669-1"
          },
          {
            "name": "SUSE-SU-2015:1205",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html"
          },
          {
            "name": "openSUSE-SU-2015:1250",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
          },
          {
            "name": "RHSA-2015:1471",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1471.html"
          },
          {
            "name": "RHSA-2015:1443",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1443.html"
          },
          {
            "name": "DSA-3304",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3304"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01307"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10124"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01267"
          },
          {
            "name": "75588",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75588"
          },
          {
            "name": "GLSA-201510-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-01"
          },
          {
            "name": "HPSBUX03379",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
          },
          {
            "name": "SSRT101976",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
          },
          {
            "name": "FEDORA-2015-11483",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162040.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01305"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2015-11484",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162286.html"
        },
        {
          "name": "openSUSE-SU-2015:1326",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01438"
        },
        {
          "name": "1032799",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032799"
        },
        {
          "name": "USN-2669-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2669-1"
        },
        {
          "name": "SUSE-SU-2015:1205",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html"
        },
        {
          "name": "openSUSE-SU-2015:1250",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
        },
        {
          "name": "RHSA-2015:1471",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1471.html"
        },
        {
          "name": "RHSA-2015:1443",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1443.html"
        },
        {
          "name": "DSA-3304",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3304"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01307"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10124"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01267"
        },
        {
          "name": "75588",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75588"
        },
        {
          "name": "GLSA-201510-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-01"
        },
        {
          "name": "HPSBUX03379",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
        },
        {
          "name": "SSRT101976",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
        },
        {
          "name": "FEDORA-2015-11483",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162040.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01305"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0003/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2015-11484",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162286.html"
            },
            {
              "name": "openSUSE-SU-2015:1326",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
            },
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "https://kb.isc.org/article/AA-01438",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01438"
            },
            {
              "name": "1032799",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032799"
            },
            {
              "name": "USN-2669-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2669-1"
            },
            {
              "name": "SUSE-SU-2015:1205",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html"
            },
            {
              "name": "openSUSE-SU-2015:1250",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
            },
            {
              "name": "RHSA-2015:1471",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1471.html"
            },
            {
              "name": "RHSA-2015:1443",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1443.html"
            },
            {
              "name": "DSA-3304",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3304"
            },
            {
              "name": "https://kb.isc.org/article/AA-01307",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01307"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10124",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10124"
            },
            {
              "name": "https://kb.isc.org/article/AA-01267",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01267"
            },
            {
              "name": "75588",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75588"
            },
            {
              "name": "GLSA-201510-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-01"
            },
            {
              "name": "HPSBUX03379",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
            },
            {
              "name": "SSRT101976",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143740940810833\u0026w=2"
            },
            {
              "name": "FEDORA-2015-11483",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162040.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-01305",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01305"
            },
            {
              "name": "https://kb.isc.org/article/AA-01306",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01306"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0003/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4620",
    "datePublished": "2015-07-08T14:00:00",
    "dateReserved": "2015-06-16T00:00:00",
    "dateUpdated": "2024-08-06T06:18:12.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4450 (GCVE-0-2013-4450)

Vulnerability from cvelistv5

Published

2013-10-21 17:00

Modified

2024-08-06 16:45

Severity ?

CWE

n/a

Summary

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-1842.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2013-12/msg00051.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2013/10/20/1	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/63229	vdb-entry, x_refsource_BID
	http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/	x_refsource_CONFIRM
	http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/	x_refsource_CONFIRM
	https://github.com/rapid7/metasploit-framework/pull/2548	x_refsource_MISC
	https://groups.google.com/forum/#%21topic/nodejs/NEbweYB0ei0	x_refsource_MISC
	https://github.com/joyent/node/issues/6214	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "RHSA-2013:1842",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1842.html"
          },
          {
            "name": "openSUSE-SU-2013:1863",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00051.html"
          },
          {
            "name": "[oss-security] 20131019 Re: CVE Request: Node.js HTTP Pipelining DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/20/1"
          },
          {
            "name": "63229",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63229"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/2548"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/nodejs/NEbweYB0ei0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/joyent/node/issues/6214"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-23T01:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "RHSA-2013:1842",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1842.html"
        },
        {
          "name": "openSUSE-SU-2013:1863",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00051.html"
        },
        {
          "name": "[oss-security] 20131019 Re: CVE Request: Node.js HTTP Pipelining DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/20/1"
        },
        {
          "name": "63229",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63229"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/2548"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/forum/#%21topic/nodejs/NEbweYB0ei0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/joyent/node/issues/6214"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4450",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "RHSA-2013:1842",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1842.html"
            },
            {
              "name": "openSUSE-SU-2013:1863",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00051.html"
            },
            {
              "name": "[oss-security] 20131019 Re: CVE Request: Node.js HTTP Pipelining DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/20/1"
            },
            {
              "name": "63229",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63229"
            },
            {
              "name": "http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/",
              "refsource": "CONFIRM",
              "url": "http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/"
            },
            {
              "name": "http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/",
              "refsource": "CONFIRM",
              "url": "http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/"
            },
            {
              "name": "https://github.com/rapid7/metasploit-framework/pull/2548",
              "refsource": "MISC",
              "url": "https://github.com/rapid7/metasploit-framework/pull/2548"
            },
            {
              "name": "https://groups.google.com/forum/#!topic/nodejs/NEbweYB0ei0",
              "refsource": "MISC",
              "url": "https://groups.google.com/forum/#!topic/nodejs/NEbweYB0ei0"
            },
            {
              "name": "https://github.com/joyent/node/issues/6214",
              "refsource": "CONFIRM",
              "url": "https://github.com/joyent/node/issues/6214"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4450",
    "datePublished": "2013-10-21T17:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2331 (GCVE-0-2017-2331)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

firewall bypass

Summary

A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97619	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97619",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97619"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "firewall bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97619",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97619"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2331",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "firewall bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97619",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97619"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2331",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2330 (GCVE-0-2017-2330)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denial of service

Summary

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services.

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97618	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97618",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97618"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97618",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97618"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2330",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97618",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97618"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2330",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2017-AVI-111

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature

Action not permitted

CERTFR-2017-AVI-111

Vulnerability from certfr_avis

Solution

CVE-2017-2316 (GCVE-0-2017-2316)

Vulnerability from cvelistv5

CVE-2017-2326 (GCVE-0-2017-2326)

Vulnerability from cvelistv5

CVE-2015-8104 (GCVE-0-2015-8104)

Vulnerability from cvelistv5

CVE-2017-2325 (GCVE-0-2017-2325)

Vulnerability from cvelistv5

CVE-2015-7979 (GCVE-0-2015-7979)

Vulnerability from cvelistv5

CVE-2017-2321 (GCVE-0-2017-2321)

Vulnerability from cvelistv5

CVE-2016-7427 (GCVE-0-2016-7427)

Vulnerability from cvelistv5

CVE-2016-9444 (GCVE-0-2016-9444)

Vulnerability from cvelistv5

CVE-2017-2315 (GCVE-0-2017-2315)

Vulnerability from cvelistv5

CVE-2017-2318 (GCVE-0-2017-2318)

Vulnerability from cvelistv5

CVE-2015-8138 (GCVE-0-2015-8138)

Vulnerability from cvelistv5

CVE-2016-9147 (GCVE-0-2016-9147)

Vulnerability from cvelistv5

CVE-2016-9311 (GCVE-0-2016-9311)

Vulnerability from cvelistv5

CVE-2016-1014 (GCVE-0-2016-1014)

Vulnerability from cvelistv5

CVE-2017-2312 (GCVE-0-2017-2312)

Vulnerability from cvelistv5

CVE-2017-2317 (GCVE-0-2017-2317)

Vulnerability from cvelistv5

CVE-2017-2328 (GCVE-0-2017-2328)

Vulnerability from cvelistv5

CVE-2017-2334 (GCVE-0-2017-2334)

Vulnerability from cvelistv5

CVE-2017-2320 (GCVE-0-2017-2320)

Vulnerability from cvelistv5

CVE-2015-5307 (GCVE-0-2015-5307)

Vulnerability from cvelistv5

CVE-2016-8864 (GCVE-0-2016-8864)

Vulnerability from cvelistv5

CVE-2017-2323 (GCVE-0-2017-2323)

Vulnerability from cvelistv5

CVE-2017-2333 (GCVE-0-2017-2333)

Vulnerability from cvelistv5

CVE-2015-3209 (GCVE-0-2015-3209)

Vulnerability from cvelistv5

CVE-2016-9131 (GCVE-0-2016-9131)

Vulnerability from cvelistv5

CVE-2017-2322 (GCVE-0-2017-2322)

Vulnerability from cvelistv5

CVE-2017-2329 (GCVE-0-2017-2329)

Vulnerability from cvelistv5

CVE-2015-5477 (GCVE-0-2015-5477)

Vulnerability from cvelistv5

CVE-2017-2313 (GCVE-0-2017-2313)

Vulnerability from cvelistv5

CVE-2017-2324 (GCVE-0-2017-2324)

Vulnerability from cvelistv5

CVE-2016-7429 (GCVE-0-2016-7429)

Vulnerability from cvelistv5

CVE-2016-7431 (GCVE-0-2016-7431)

Vulnerability from cvelistv5

CVE-2016-9310 (GCVE-0-2016-9310)

Vulnerability from cvelistv5

CVE-2016-1886 (GCVE-0-2016-1886)

Vulnerability from cvelistv5

CVE-2015-7973 (GCVE-0-2015-7973)

Vulnerability from cvelistv5

CVE-2015-1349 (GCVE-0-2015-1349)

Vulnerability from cvelistv5

CVE-2017-2327 (GCVE-0-2017-2327)

Vulnerability from cvelistv5

CVE-2017-2340 (GCVE-0-2017-2340)

Vulnerability from cvelistv5