fkie_cve-2015-3456
Vulnerability from fkie_nvd
Published
2015-05-13 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
References
cve@mitre.orghttp://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c
cve@mitre.orghttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=143229451215900&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=143229451215900&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=143387998230996&w=2
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-0998.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-0999.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-1000.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-1001.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-1002.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-1003.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-1004.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-1011.html
cve@mitre.orghttp://support.citrix.com/article/CTX201078
cve@mitre.orghttp://venom.crowdstrike.com/
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3259
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3262
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3274
cve@mitre.orghttp://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
cve@mitre.orghttp://www.securityfocus.com/bid/74640
cve@mitre.orghttp://www.securitytracker.com/id/1032306
cve@mitre.orghttp://www.securitytracker.com/id/1032311
cve@mitre.orghttp://www.securitytracker.com/id/1032917
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2608-1
cve@mitre.orghttp://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm
cve@mitre.orghttp://xenbits.xen.org/xsa/advisory-133.html
cve@mitre.orghttps://access.redhat.com/articles/1444903
cve@mitre.orghttps://bto.bluecoat.com/security-advisory/sa95
cve@mitre.orghttps://kb.juniper.net/JSA10783
cve@mitre.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10118
cve@mitre.orghttps://security.gentoo.org/glsa/201602-01
cve@mitre.orghttps://security.gentoo.org/glsa/201604-03
cve@mitre.orghttps://security.gentoo.org/glsa/201612-27
cve@mitre.orghttps://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
cve@mitre.orghttps://support.lenovo.com/us/en/product_security/venom
cve@mitre.orghttps://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10
cve@mitre.orghttps://www.exploit-db.com/exploits/37053/
cve@mitre.orghttps://www.suse.com/security/cve/CVE-2015-3456.html
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=143229451215900&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=143229451215900&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=143387998230996&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0998.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0999.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1000.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1001.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1002.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1003.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1004.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1011.html
af854a3a-2127-422b-91ae-364da2661108http://support.citrix.com/article/CTX201078
af854a3a-2127-422b-91ae-364da2661108http://venom.crowdstrike.com/
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3259
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3262
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3274
af854a3a-2127-422b-91ae-364da2661108http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74640
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032306
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032311
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032917
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2608-1
af854a3a-2127-422b-91ae-364da2661108http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xen.org/xsa/advisory-133.html
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/articles/1444903
af854a3a-2127-422b-91ae-364da2661108https://bto.bluecoat.com/security-advisory/sa95
af854a3a-2127-422b-91ae-364da2661108https://kb.juniper.net/JSA10783
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10118
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201602-01
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201604-03
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201612-27
af854a3a-2127-422b-91ae-364da2661108https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/us/en/product_security/venom
af854a3a-2127-422b-91ae-364da2661108https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/37053/
af854a3a-2127-422b-91ae-364da2661108https://www.suse.com/security/cve/CVE-2015-3456.html



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF17A18-4BE8-41B7-B50C-F4A137B3B2F1",
              "versionEndIncluding": "2.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "105130E9-D48E-4FB8-A715-E6438EC7E744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM."
    },
    {
      "lang": "es",
      "value": "Floppy Disk Controller (FDC) en QEMU, utilizado en Xen 4.5.x y anteriores y KVM, permite a usuarios locales invitados causar una denegaci\u00f3n de servicio (escritura fuera de rango y ca\u00edda del invitado) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, u otros comandos sin especificar, tambi\u00e9n conocido como VENOM."
    }
  ],
  "evaluatorComment": "Though the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker\u2019s malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM",
  "id": "CVE-2015-3456",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.7,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-13T18:59:00.157",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.citrix.com/article/CTX201078"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://venom.crowdstrike.com/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3259"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3262"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3274"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74640"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032306"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032311"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032917"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2608-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://xenbits.xen.org/xsa/advisory-133.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/articles/1444903"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bto.bluecoat.com/security-advisory/sa95"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://kb.juniper.net/JSA10783"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201602-01"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201604-03"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201612-27"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.lenovo.com/us/en/product_security/venom"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/37053/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.citrix.com/article/CTX201078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://venom.crowdstrike.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2608-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://xenbits.xen.org/xsa/advisory-133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/articles/1444903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bto.bluecoat.com/security-advisory/sa95"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kb.juniper.net/JSA10783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201602-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201604-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201612-27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.lenovo.com/us/en/product_security/venom"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/37053/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…