Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2015-4000
Vulnerability from osv_ubuntu
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnss3",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
},
{
"binary_name": "libnss3-1d",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
},
{
"binary_name": "libnss3-nssdb",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
},
{
"binary_name": "libnss3-tools",
"binary_version": "2:3.19.2-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "nss",
"purl": "pkg:deb/ubuntu/nss@2:3.19.2-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:3.19.2-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:3.15.1-1ubuntu1",
"2:3.15.2-1",
"2:3.15.3-1",
"2:3.15.3.1-1",
"2:3.15.3.1-1.1",
"2:3.15.3.1-1.1ubuntu1",
"2:3.15.4-1ubuntu3",
"2:3.15.4-1ubuntu4",
"2:3.15.4-1ubuntu5",
"2:3.15.4-1ubuntu6",
"2:3.15.4-1ubuntu7",
"2:3.15.4-1ubuntu7.1",
"2:3.17-0ubuntu0.14.04.1",
"2:3.17.1-0ubuntu0.14.04.1",
"2:3.17.1-0ubuntu0.14.04.2",
"2:3.17.4-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icedtea-6-jre-cacao",
"binary_version": "6b36-1.13.8-0ubuntu1~14.04"
},
{
"binary_name": "icedtea-6-jre-jamvm",
"binary_version": "6b36-1.13.8-0ubuntu1~14.04"
},
{
"binary_name": "openjdk-6-demo",
"binary_version": "6b36-1.13.8-0ubuntu1~14.04"
},
{
"binary_name": "openjdk-6-jdk",
"binary_version": "6b36-1.13.8-0ubuntu1~14.04"
},
{
"binary_name": "openjdk-6-jre",
"binary_version": "6b36-1.13.8-0ubuntu1~14.04"
},
{
"binary_name": "openjdk-6-jre-headless",
"binary_version": "6b36-1.13.8-0ubuntu1~14.04"
},
{
"binary_name": "openjdk-6-jre-lib",
"binary_version": "6b36-1.13.8-0ubuntu1~14.04"
},
{
"binary_name": "openjdk-6-jre-zero",
"binary_version": "6b36-1.13.8-0ubuntu1~14.04"
},
{
"binary_name": "openjdk-6-source",
"binary_version": "6b36-1.13.8-0ubuntu1~14.04"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openjdk-6",
"purl": "pkg:deb/ubuntu/openjdk-6@6b36-1.13.8-0ubuntu1~14.04?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6b36-1.13.8-0ubuntu1~14.04"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6b27-1.12.6-1ubuntu2",
"6b27-1.12.7-2ubuntu1",
"6b29-1.13.0-1ubuntu2",
"6b30-1.13.1-1ubuntu1",
"6b30-1.13.1-1ubuntu2",
"6b30-1.13.2-1ubuntu1",
"6b31-1.13.3-1ubuntu1",
"6b32-1.13.4-4ubuntu0.14.04.1",
"6b33-1.13.5-1ubuntu0.14.04",
"6b34-1.13.6-1ubuntu0.14.04.1",
"6b35-1.13.7-1ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icedtea-7-jre-jamvm",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-demo",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jdk",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jre",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jre-headless",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jre-lib",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jre-zero",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-source",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openjdk-7",
"purl": "pkg:deb/ubuntu/openjdk-7@7u79-2.5.6-0ubuntu1.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7u79-2.5.6-0ubuntu1.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7u25-2.3.12-4ubuntu3",
"7u25-2.3.12-4ubuntu5",
"7u45-2.4.3-3ubuntu1",
"7u45-2.4.3-3ubuntu2",
"7u45-2.4.3-4ubuntu1",
"7u45-2.4.3-4ubuntu2",
"7u51-2.4.4-1ubuntu1",
"7u51-2.4.5-1ubuntu1",
"7u51-2.4.6~pre1-1ubuntu2",
"7u51-2.4.6-1ubuntu3",
"7u51-2.4.6-1ubuntu4",
"7u55-2.4.7-1ubuntu1",
"7u65-2.5.1-4ubuntu1~0.14.04.1",
"7u65-2.5.1-4ubuntu1~0.14.04.2",
"7u65-2.5.2-3~14.04",
"7u71-2.5.3-0ubuntu0.14.04.1",
"7u75-2.5.4-1~trusty1",
"7u79-2.5.5-0ubuntu0.14.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssl1.0.0",
"binary_version": "1.0.1f-1ubuntu2.12"
},
{
"binary_name": "openssl",
"binary_version": "1.0.1f-1ubuntu2.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openssl",
"purl": "pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.12?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1f-1ubuntu2.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.1e-3ubuntu1",
"1.0.1e-4ubuntu1",
"1.0.1e-4ubuntu2",
"1.0.1e-4ubuntu3",
"1.0.1e-4ubuntu4",
"1.0.1f-1ubuntu1",
"1.0.1f-1ubuntu2",
"1.0.1f-1ubuntu2.1",
"1.0.1f-1ubuntu2.2",
"1.0.1f-1ubuntu2.3",
"1.0.1f-1ubuntu2.4",
"1.0.1f-1ubuntu2.5",
"1.0.1f-1ubuntu2.7",
"1.0.1f-1ubuntu2.8",
"1.0.1f-1ubuntu2.11"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnss3",
"binary_version": "2:3.19.2-1ubuntu1"
},
{
"binary_name": "libnss3-1d",
"binary_version": "2:3.19.2-1ubuntu1"
},
{
"binary_name": "libnss3-nssdb",
"binary_version": "2:3.19.2-1ubuntu1"
},
{
"binary_name": "libnss3-tools",
"binary_version": "2:3.19.2-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "nss",
"purl": "pkg:deb/ubuntu/nss@2:3.19.2-1ubuntu1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:3.19.2-1ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": []
}
],
"aliases": [],
"details": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",
"id": "UBUNTU-CVE-2015-4000",
"modified": "2026-05-29T17:44:43Z",
"published": "2015-05-20T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4000"
},
{
"type": "REPORT",
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"type": "REPORT",
"url": "https://weakdh.org/"
},
{
"type": "REPORT",
"url": "https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/"
},
{
"type": "REPORT",
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"type": "REPORT",
"url": "http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/articles/1456263"
},
{
"type": "REPORT",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2624-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2625-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2639-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2696-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2706-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
}
],
"related": [
"USN-2624-1",
"USN-2625-1",
"USN-2639-1",
"USN-2656-1",
"USN-2656-2",
"USN-2673-1",
"USN-2696-1",
"USN-2706-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-4000"
]
}
CVE-2015-4000 (GCVE-0-2015-4000)
Vulnerability from cvelistv5 – Published: 2015-05-21 00:00 – Updated: 2026-05-27 16:22- n/a
- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://marc.info/?l=bugtraq&m=143880121627664&w=2 | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2015-1243.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1033208 | vdb-entry |
| http://www.securitytracker.com/id/1032637 | vdb-entry |
| http://marc.info/?l=bugtraq&m=144050121701297&w=2 | vendor-advisory |
| http://www.debian.org/security/2016/dsa-3688 | vendor-advisory |
| http://www.debian.org/security/2015/dsa-3287 | vendor-advisory |
| http://marc.info/?l=bugtraq&m=144493176821532&w=2 | vendor-advisory |
| http://www.securitytracker.com/id/1032865 | vdb-entry |
| http://marc.info/?l=bugtraq&m=143557934009303&w=2 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1034728 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1032656 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2016-2056.html | vendor-advisory |
| http://openwall.com/lists/oss-security/2015/05/20/8 | mailing-list |
| http://lists.opensuse.org/opensuse-updates/2015-1… | vendor-advisory |
| http://marc.info/?l=bugtraq&m=143628304012255&w=2 | vendor-advisory |
| http://marc.info/?l=bugtraq&m=144060576831314&w=2 | vendor-advisory |
| http://www.securitytracker.com/id/1032475 | vdb-entry |
| http://www.securitytracker.com/id/1032960 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1032653 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1033385 | vdb-entry |
| https://security.gentoo.org/glsa/201512-10 | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2015-1229.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisory |
| http://www.securitytracker.com/id/1032864 | vdb-entry |
| http://www.securitytracker.com/id/1032910 | vdb-entry |
| http://www.securitytracker.com/id/1032645 | vdb-entry |
| http://www.ubuntu.com/usn/USN-2706-1 | vendor-advisory |
| https://security.gentoo.org/glsa/201701-46 | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2015-1526.html | vendor-advisory |
| http://www.securitytracker.com/id/1033760 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2015-1485.html | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2015-1197.html | vendor-advisory |
| http://marc.info/?l=bugtraq&m=144104533800819&w=2 | vendor-advisory |
| http://www.securitytracker.com/id/1032699 | vdb-entry |
| http://www.securitytracker.com/id/1032476 | vdb-entry |
| http://www.securitytracker.com/id/1032649 | vdb-entry |
| http://marc.info/?l=bugtraq&m=144043644216842&w=2 | vendor-advisory |
| http://marc.info/?l=bugtraq&m=143637549705650&w=2 | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2015-1544.html | vendor-advisory |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20564.www2.hp.com/hpsc/doc/public/displa… | vendor-advisory |
| http://www.securitytracker.com/id/1032688 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1032652 | vdb-entry |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2015-1185.html | vendor-advisory |
| http://marc.info/?l=bugtraq&m=143558092609708&w=2 | vendor-advisory |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://marc.info/?l=bugtraq&m=144069189622016&w=2 | vendor-advisory |
| http://www.securitytracker.com/id/1032648 | vdb-entry |
| http://www.securitytracker.com/id/1032759 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2015-1228.html | vendor-advisory |
| http://marc.info/?l=bugtraq&m=144060606031437&w=2 | vendor-advisory |
| http://www.debian.org/security/2015/dsa-3316 | vendor-advisory |
| http://www.securitytracker.com/id/1033209 | vdb-entry |
| http://www.securitytracker.com/id/1032871 | vdb-entry |
| http://www.debian.org/security/2015/dsa-3324 | vendor-advisory |
| http://www.securitytracker.com/id/1032655 | vdb-entry |
| http://www.securitytracker.com/id/1033210 | vdb-entry |
| http://marc.info/?l=bugtraq&m=144061542602287&w=2 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://marc.info/?l=bugtraq&m=145409266329539&w=2 | vendor-advisory |
| http://www.ubuntu.com/usn/USN-2673-1 | vendor-advisory |
| http://www.securitytracker.com/id/1034884 | vdb-entry |
| http://marc.info/?l=bugtraq&m=143506486712441&w=2 | vendor-advisory |
| https://security.gentoo.org/glsa/201603-11 | vendor-advisory |
| http://www.securitytracker.com/id/1033064 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1032778 | vdb-entry |
| http://www.securitytracker.com/id/1032474 | vdb-entry |
| http://marc.info/?l=bugtraq&m=144102017024820&w=2 | vendor-advisory |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisory |
| http://www.securitytracker.com/id/1032784 | vdb-entry |
| http://www.securitytracker.com/id/1032777 | vdb-entry |
| http://www.securitytracker.com/id/1033416 | vdb-entry |
| http://www.securitytracker.com/id/1033991 | vdb-entry |
| http://www.securitytracker.com/id/1032647 | vdb-entry |
| http://www.securitytracker.com/id/1032654 | vdb-entry |
| http://www.securitytracker.com/id/1033341 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2015-1486.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1033433 | vdb-entry |
| http://www.ubuntu.com/usn/USN-2696-1 | vendor-advisory |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| http://www.securitytracker.com/id/1032702 | vdb-entry |
| http://www.debian.org/security/2015/dsa-3339 | vendor-advisory |
| http://www.securitytracker.com/id/1032727 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2015-1242.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://security.gentoo.org/glsa/201506-02 | vendor-advisory |
| http://www.securityfocus.com/bid/91787 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2016-1624.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2015-1488.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1033430 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2015-1241.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2015-1230.html | vendor-advisory |
| http://www.securityfocus.com/bid/74733 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1032651 | vdb-entry |
| http://www.securitytracker.com/id/1033065 | vdb-entry |
| http://www.ubuntu.com/usn/USN-2656-1 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1033222 | vdb-entry |
| http://www.securitytracker.com/id/1036218 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://marc.info/?l=bugtraq&m=143655800220052&w=2 | vendor-advisory |
| http://www.securitytracker.com/id/1040630 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1034087 | vdb-entry |
| http://www.securitytracker.com/id/1033513 | vdb-entry |
| http://www.securitytracker.com/id/1032884 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2015-1604.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1032932 | vdb-entry |
| http://www.securitytracker.com/id/1033891 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1032783 | vdb-entry |
| http://www.securitytracker.com/id/1032856 | vdb-entry |
| http://ftp.netbsd.org/pub/NetBSD/security/advisor… | vendor-advisory |
| http://www.debian.org/security/2015/dsa-3300 | vendor-advisory |
| http://www.ubuntu.com/usn/USN-2656-2 | vendor-advisory |
| http://www.securitytracker.com/id/1033067 | vdb-entry |
| http://www.securitytracker.com/id/1033019 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2015-1072.html | vendor-advisory |
| http://www.securitytracker.com/id/1032650 | vdb-entry |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://www.oracle.com/security-alerts/cpujan2021.html | |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| https://www-947.ibm.com/support/entry/portal/docd… | |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| https://kc.mcafee.com/corporate/index?page=conten… | |
| http://support.apple.com/kb/HT204941 | |
| http://www-304.ibm.com/support/docview.wss?uid=sw… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| https://www-304.ibm.com/support/docview.wss?uid=s… | |
| https://weakdh.org/imperfect-forward-secrecy.pdf | |
| http://www-304.ibm.com/support/docview.wss?uid=sw… | |
| https://blog.cloudflare.com/logjam-the-latest-tls… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| https://www.openssl.org/blog/blog/2015/05/20/logj… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| https://openssl.org/news/secadv/20150611.txt | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://h20564.www2.hpe.com/hpsc/doc/public/displa… | |
| https://support.hpe.com/hpsc/doc/public/display?d… | |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www-304.ibm.com/support/docview.wss?uid=sw… | |
| http://www-304.ibm.com/support/docview.wss?uid=sw… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| http://www-304.ibm.com/support/docview.wss?uid=sw… | |
| http://www-304.ibm.com/support/docview.wss?uid=sw… | |
| https://developer.mozilla.org/en-US/docs/Mozilla/… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| https://security.netapp.com/advisory/ntap-2015061… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| http://www-304.ibm.com/support/docview.wss?uid=sw… | |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | |
| https://www.suse.com/security/cve/CVE-2015-4000.html | |
| https://help.ecostruxureit.com/display/public/UAD… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://support.citrix.com/article/CTX201114 | |
| http://fortiguard.com/advisory/2015-07-09-cve-201… | |
| http://www-304.ibm.com/support/docview.wss?uid=sw… | |
| http://support.apple.com/kb/HT204942 | |
| http://h20564.www2.hpe.com/hpsc/doc/public/displa… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://aix.software.ibm.com/aix/efixes/security/s… | |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| https://puppet.com/security/cve/CVE-2015-4000 | |
| http://www.mozilla.org/security/announce/2015/mfs… | |
| http://www.solarwinds.com/documentation/storage/s… | |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | |
| https://support.citrix.com/article/CTX216642 | |
| https://weakdh.org/ | |
| https://h20564.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| https://bto.bluecoat.com/security-advisory/sa98 | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1138554 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | |
| https://www.openssl.org/news/secadv_20150611.txt | |
| http://www.fortiguard.com/advisory/2015-05-20-log… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2015:1184",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "SUSE-SU-2015:1177",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"name": "SSRT102180",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "RHSA-2015:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"name": "openSUSE-SU-2015:1229",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "1033208",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033208"
},
{
"name": "1032637",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032637"
},
{
"name": "HPSBGN03404",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3287",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "HPSBUX03512",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"name": "1032865",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032865"
},
{
"name": "HPSBGN03351",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"name": "SUSE-SU-2015:1268",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "SUSE-SU-2015:1150",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"name": "1034728",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034728"
},
{
"name": "SUSE-SU-2015:1183",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"name": "1032656",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032656"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server\u0027s ciphersuite choice",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"name": "openSUSE-SU-2015:1684",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"name": "HPSBGN03361",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"name": "HPSBGN03399",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"name": "1032475",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032475"
},
{
"name": "1032960",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032960"
},
{
"name": "openSUSE-SU-2016:0255",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"name": "1032653",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032653"
},
{
"name": "SUSE-SU-2016:0224",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"name": "1033385",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033385"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "RHSA-2015:1229",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"name": "openSUSE-SU-2016:0483",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"name": "1032864",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032864"
},
{
"name": "1032910",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"name": "1032645",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032645"
},
{
"name": "USN-2706-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "RHSA-2015:1526",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"name": "1033760",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033760"
},
{
"name": "RHSA-2015:1485",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
},
{
"name": "RHSA-2015:1197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"name": "HPSBMU03401",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"name": "1032699",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032699"
},
{
"name": "1032476",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032476"
},
{
"name": "1032649",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032649"
},
{
"name": "HPSBMU03345",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"name": "HPSBUX03363",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"name": "RHSA-2015:1544",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
},
{
"name": "FEDORA-2015-9130",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
},
{
"name": "SUSE-SU-2015:1182",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"name": "SSRT102112",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
},
{
"name": "1032688",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032688"
},
{
"name": "SUSE-SU-2015:1143",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"name": "1032652",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032652"
},
{
"name": "FEDORA-2015-9048",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
},
{
"name": "RHSA-2015:1185",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"name": "HPSBGN03362",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:1289",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name": "FEDORA-2015-9161",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
},
{
"name": "HPSBGN03402",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"name": "1032648",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032648"
},
{
"name": "1032759",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032759"
},
{
"name": "RHSA-2015:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name": "HPSBGN03405",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"name": "DSA-3316",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"name": "1033209",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033209"
},
{
"name": "1032871",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032871"
},
{
"name": "DSA-3324",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"name": "1032655",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032655"
},
{
"name": "1033210",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033210"
},
{
"name": "HPSBGN03411",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"name": "openSUSE-SU-2015:1277",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "HPSBGN03533",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"name": "USN-2673-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"name": "1034884",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034884"
},
{
"name": "HPSBMU03356",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"name": "GLSA-201603-11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"name": "1033064",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033064"
},
{
"name": "SUSE-SU-2015:1181",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"name": "1032778",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032778"
},
{
"name": "1032474",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032474"
},
{
"name": "SSRT102254",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"name": "HPSBGN03407",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"name": "openSUSE-SU-2015:1209",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"name": "1032784",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032784"
},
{
"name": "1032777",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032777"
},
{
"name": "1033416",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033416"
},
{
"name": "1033991",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033991"
},
{
"name": "1032647",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032647"
},
{
"name": "1032654",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032654"
},
{
"name": "1033341",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033341"
},
{
"name": "RHSA-2015:1486",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
},
{
"name": "SUSE-SU-2015:1663",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"name": "1033433",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033433"
},
{
"name": "USN-2696-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"name": "APPLE-SA-2015-06-30-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name": "1032702",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032702"
},
{
"name": "DSA-3339",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"name": "1032727",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032727"
},
{
"name": "RHSA-2015:1242",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"name": "SUSE-SU-2015:1269",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name": "GLSA-201506-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1624",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "RHSA-2015:1488",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
},
{
"name": "SUSE-SU-2015:1319",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"name": "SUSE-SU-2015:1320",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"name": "1033430",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033430"
},
{
"name": "openSUSE-SU-2015:1288",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"name": "RHSA-2015:1241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"name": "openSUSE-SU-2016:0478",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "HPSBUX03388",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "RHSA-2015:1230",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"name": "74733",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74733"
},
{
"name": "openSUSE-SU-2016:0261",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"name": "1032651",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032651"
},
{
"name": "1033065",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033065"
},
{
"name": "USN-2656-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1185",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"name": "1033222",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033222"
},
{
"name": "1036218",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036218"
},
{
"name": "SUSE-SU-2015:1449",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "HPSBGN03373",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"name": "1040630",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040630"
},
{
"name": "openSUSE-SU-2015:1139",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"name": "1034087",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034087"
},
{
"name": "1033513",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033513"
},
{
"name": "1032884",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032884"
},
{
"name": "RHSA-2015:1604",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
},
{
"name": "SUSE-SU-2016:0262",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"name": "1032932",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032932"
},
{
"name": "1033891",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033891"
},
{
"name": "openSUSE-SU-2016:0226",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"name": "1032783",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "1032856",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032856"
},
{
"name": "NetBSD-SA2015-008",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"name": "DSA-3300",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"name": "USN-2656-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name": "1033067",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033067"
},
{
"name": "1033019",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033019"
},
{
"name": "RHSA-2015:1072",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
},
{
"name": "1032650",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032650"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"tags": [
"x_transferred"
],
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204941"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"tags": [
"x_transferred"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"tags": [
"x_transferred"
],
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"tags": [
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX201114"
},
{
"tags": [
"x_transferred"
],
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"tags": [
"x_transferred"
],
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
},
{
"tags": [
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"tags": [
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2015-4000"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"tags": [
"x_transferred"
],
"url": "https://weakdh.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-4000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T16:22:15.524106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:22:20.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2015:1184",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "SUSE-SU-2015:1177",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"name": "SSRT102180",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "RHSA-2015:1243",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"name": "openSUSE-SU-2015:1229",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "1033208",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033208"
},
{
"name": "1032637",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032637"
},
{
"name": "HPSBGN03404",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3287",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "HPSBUX03512",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"name": "1032865",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032865"
},
{
"name": "HPSBGN03351",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"name": "SUSE-SU-2015:1268",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "SUSE-SU-2015:1150",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"name": "1034728",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034728"
},
{
"name": "SUSE-SU-2015:1183",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"name": "1032656",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032656"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "[oss-security] 20150520 CVE-2015-4000 - TLS does not properly convey server\u0027s ciphersuite choice",
"tags": [
"mailing-list"
],
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"name": "openSUSE-SU-2015:1684",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"name": "HPSBGN03361",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"name": "HPSBGN03399",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"name": "1032475",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032475"
},
{
"name": "1032960",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032960"
},
{
"name": "openSUSE-SU-2016:0255",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"name": "1032653",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032653"
},
{
"name": "SUSE-SU-2016:0224",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"name": "1033385",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033385"
},
{
"name": "GLSA-201512-10",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "RHSA-2015:1229",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"name": "openSUSE-SU-2016:0483",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"name": "1032864",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032864"
},
{
"name": "1032910",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032910"
},
{
"name": "1032645",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032645"
},
{
"name": "USN-2706-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2706-1"
},
{
"name": "GLSA-201701-46",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "RHSA-2015:1526",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"name": "1033760",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033760"
},
{
"name": "RHSA-2015:1485",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
},
{
"name": "RHSA-2015:1197",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"name": "HPSBMU03401",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"name": "1032699",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032699"
},
{
"name": "1032476",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032476"
},
{
"name": "1032649",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032649"
},
{
"name": "HPSBMU03345",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"name": "HPSBUX03363",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"name": "RHSA-2015:1544",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
},
{
"name": "FEDORA-2015-9130",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
},
{
"name": "SUSE-SU-2015:1182",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"name": "SSRT102112",
"tags": [
"vendor-advisory"
],
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
},
{
"name": "1032688",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032688"
},
{
"name": "SUSE-SU-2015:1143",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"name": "1032652",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032652"
},
{
"name": "FEDORA-2015-9048",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
},
{
"name": "RHSA-2015:1185",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"name": "HPSBGN03362",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:1289",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name": "FEDORA-2015-9161",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
},
{
"name": "HPSBGN03402",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"name": "1032648",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032648"
},
{
"name": "1032759",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032759"
},
{
"name": "RHSA-2015:1228",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name": "HPSBGN03405",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"name": "DSA-3316",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"name": "1033209",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033209"
},
{
"name": "1032871",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032871"
},
{
"name": "DSA-3324",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"name": "1032655",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032655"
},
{
"name": "1033210",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033210"
},
{
"name": "HPSBGN03411",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"name": "openSUSE-SU-2015:1277",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "HPSBGN03533",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"name": "USN-2673-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"name": "1034884",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034884"
},
{
"name": "HPSBMU03356",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"name": "GLSA-201603-11",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"name": "1033064",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033064"
},
{
"name": "SUSE-SU-2015:1181",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"name": "1032778",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032778"
},
{
"name": "1032474",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032474"
},
{
"name": "SSRT102254",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"name": "HPSBGN03407",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"name": "openSUSE-SU-2015:1209",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"name": "1032784",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032784"
},
{
"name": "1032777",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032777"
},
{
"name": "1033416",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033416"
},
{
"name": "1033991",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033991"
},
{
"name": "1032647",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032647"
},
{
"name": "1032654",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032654"
},
{
"name": "1033341",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033341"
},
{
"name": "RHSA-2015:1486",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
},
{
"name": "SUSE-SU-2015:1663",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"name": "1033433",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033433"
},
{
"name": "USN-2696-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"name": "APPLE-SA-2015-06-30-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name": "1032702",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032702"
},
{
"name": "DSA-3339",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"name": "1032727",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032727"
},
{
"name": "RHSA-2015:1242",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"name": "SUSE-SU-2015:1269",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name": "GLSA-201506-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1624",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "RHSA-2015:1488",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
},
{
"name": "SUSE-SU-2015:1319",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"name": "SUSE-SU-2015:1320",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"name": "1033430",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033430"
},
{
"name": "openSUSE-SU-2015:1288",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"name": "RHSA-2015:1241",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"name": "openSUSE-SU-2016:0478",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"name": "SUSE-SU-2015:1581",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"name": "HPSBUX03388",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "RHSA-2015:1230",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"name": "74733",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/74733"
},
{
"name": "openSUSE-SU-2016:0261",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"name": "1032651",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032651"
},
{
"name": "1033065",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033065"
},
{
"name": "USN-2656-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1185",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"name": "1033222",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033222"
},
{
"name": "1036218",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036218"
},
{
"name": "SUSE-SU-2015:1449",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "HPSBGN03373",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"name": "1040630",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1040630"
},
{
"name": "openSUSE-SU-2015:1139",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"name": "1034087",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034087"
},
{
"name": "1033513",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033513"
},
{
"name": "1032884",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032884"
},
{
"name": "RHSA-2015:1604",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
},
{
"name": "SUSE-SU-2016:0262",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"name": "1032932",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032932"
},
{
"name": "1033891",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033891"
},
{
"name": "openSUSE-SU-2016:0226",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"name": "1032783",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "1032856",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032856"
},
{
"name": "NetBSD-SA2015-008",
"tags": [
"vendor-advisory"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"name": "DSA-3300",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"name": "USN-2656-2",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name": "1033067",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033067"
},
{
"name": "1033019",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1033019"
},
{
"name": "RHSA-2015:1072",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
},
{
"name": "1032650",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032650"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"url": "http://support.apple.com/kb/HT204941"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
},
{
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
},
{
"url": "http://support.citrix.com/article/CTX201114"
},
{
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"url": "http://support.apple.com/kb/HT204942"
},
{
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
},
{
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"url": "https://puppet.com/security/cve/CVE-2015-4000"
},
{
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"url": "https://support.citrix.com/article/CTX216642"
},
{
"url": "https://weakdh.org/"
},
{
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4000",
"datePublished": "2015-05-21T00:00:00.000Z",
"dateReserved": "2015-05-15T00:00:00.000Z",
"dateUpdated": "2026-05-27T16:22:20.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
usn-2624-1
Vulnerability from osv_ubuntu
As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks.
| URL | Type | |
|---|---|---|
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssl1.0.0",
"binary_version": "1.0.1f-1ubuntu2.12"
},
{
"binary_name": "openssl",
"binary_version": "1.0.1f-1ubuntu2.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openssl",
"purl": "pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.12?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1f-1ubuntu2.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.1e-3ubuntu1",
"1.0.1e-4ubuntu1",
"1.0.1e-4ubuntu2",
"1.0.1e-4ubuntu3",
"1.0.1e-4ubuntu4",
"1.0.1f-1ubuntu1",
"1.0.1f-1ubuntu2",
"1.0.1f-1ubuntu2.1",
"1.0.1f-1ubuntu2.2",
"1.0.1f-1ubuntu2.3",
"1.0.1f-1ubuntu2.4",
"1.0.1f-1ubuntu2.5",
"1.0.1f-1ubuntu2.7",
"1.0.1f-1ubuntu2.8",
"1.0.1f-1ubuntu2.11"
]
}
],
"aliases": [],
"details": "As a security improvement, this update removes the export cipher suites\nfrom the default cipher list to prevent their use in possible downgrade\nattacks.\n",
"id": "USN-2624-1",
"modified": "2026-04-22T07:36:32Z",
"published": "2015-06-01T17:07:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2624-1"
},
{
"type": "REPORT",
"url": "https://launchpad.net/bugs/1460735"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "openssl update",
"upstream": []
}
usn-2639-1
Vulnerability from osv_ubuntu
Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8176)
Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1788)
Robert Swiecki and Hanno Böck discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1789)
Michal Zalewski discovered that OpenSSL incorrectly handled missing content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1790)
Emilia Käsper discovered that OpenSSL incorrectly handled NewSessionTicket when being used by a multi-threaded client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1791)
Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1792)
As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2014-8176",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-1788",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-1789",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-1790",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-1791",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-1792",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssl1.0.0",
"binary_version": "1.0.1f-1ubuntu2.15"
},
{
"binary_name": "openssl",
"binary_version": "1.0.1f-1ubuntu2.15"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openssl",
"purl": "pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.15?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1f-1ubuntu2.15"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.1e-3ubuntu1",
"1.0.1e-4ubuntu1",
"1.0.1e-4ubuntu2",
"1.0.1e-4ubuntu3",
"1.0.1e-4ubuntu4",
"1.0.1f-1ubuntu1",
"1.0.1f-1ubuntu2",
"1.0.1f-1ubuntu2.1",
"1.0.1f-1ubuntu2.2",
"1.0.1f-1ubuntu2.3",
"1.0.1f-1ubuntu2.4",
"1.0.1f-1ubuntu2.5",
"1.0.1f-1ubuntu2.7",
"1.0.1f-1ubuntu2.8",
"1.0.1f-1ubuntu2.11",
"1.0.1f-1ubuntu2.12"
]
}
],
"aliases": [],
"details": "Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nOpenSSL incorrectly handled memory when buffering DTLS data. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed\nECParameters structures. A remote attacker could use this issue to cause\nOpenSSL to hang, resulting in a denial of service. (CVE-2015-1788)\n\nRobert Swiecki and Hanno B\u00f6ck discovered that OpenSSL incorrectly handled\ncertain ASN1_TIME strings. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service. (CVE-2015-1789)\n\nMichal Zalewski discovered that OpenSSL incorrectly handled missing content\nwhen parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this\nissue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1790)\n\nEmilia K\u00e4sper discovered that OpenSSL incorrectly handled NewSessionTicket\nwhen being used by a multi-threaded client. A remote attacker could use\nthis issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying\nsignedData messages using the CMS code. A remote attacker could use this\nissue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to\nreject DH key sizes below 768 bits, preventing a possible downgrade\nattack.\n",
"id": "USN-2639-1",
"modified": "2026-04-22T07:36:32Z",
"published": "2015-06-11T18:07:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2639-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-8176"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-1788"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-1789"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-1790"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-1791"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-1792"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "openssl vulnerabilities",
"upstream": [
"UBUNTU-CVE-2014-8176",
"UBUNTU-CVE-2015-1788",
"UBUNTU-CVE-2015-1789",
"UBUNTU-CVE-2015-1790",
"UBUNTU-CVE-2015-1791",
"UBUNTU-CVE-2015-1792"
]
}
usn-2656-1
Vulnerability from osv_ubuntu
Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)
Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733)
Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)
Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727)
Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2728)
Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729)
Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)
A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2731)
Ronald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)
David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741)
Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743)
Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2015-2721",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2722",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2724",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2725",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2726",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2727",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2728",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2729",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2730",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2731",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2733",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2734",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2735",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2736",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2737",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2738",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2739",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2740",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2741",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2743",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4000",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "39.0+build5-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@39.0+build5-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0+build5-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Karthikeyan Bhargavan discovered that NSS incorrectly handled state\ntransitions for the TLS state machine. If a remote attacker were able to\nperform a machine-in-the-middle attack, this flaw could be exploited to skip\nthe ServerKeyExchange message and remove the forward-secrecy property.\n(CVE-2015-2721)\n\nLooben Yan discovered 2 use-after-free issues when using XMLHttpRequest in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-2722,\nCVE-2015-2733)\n\nBob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence\nCole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru\nFujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory\nsafety issues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-2724,\nCVE-2015-2725, CVE-2015-2726)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse\nand key combinations could allow a Chrome privileged URL to be opened\nwithout context restrictions being preserved. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to bypass security restrictions. (CVE-2015-2727)\n\nPaul Bandha discovered a type confusion bug in the Indexed DB Manager. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the priviliges of the\nuser invoking Firefox. (CVE-2015-2728)\n\nHolger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to obtain sensitive information.\n(CVE-2015-2729)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptical Curve\nCryptography (ECC) multiplication. A remote attacker could possibly use\nthis issue to spoof ECDSA signatures. (CVE-2015-2730)\n\nA use-after-free was discovered when a Content Policy modifies the DOM to\nremove a DOM object. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash or execute arbitrary code with the\npriviliges of the user invoking Firefox. (CVE-2015-2731)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,\nCVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nDavid Keeler discovered that key pinning checks can be skipped when an\noverridable certificate error occurs. This allows a user to manually\noverride an error for a fake certificate, but cannot be exploited on its\nown. (CVE-2015-2741)\n\nJonas Jenwald discovered that some internal workers were incorrectly\nexecuted with a high privilege. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this in\ncombination with another security vulnerability, to execute arbitrary code\nin a privileged scope. (CVE-2015-2743)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM\ncould force a server to downgrade TLS connections to 512-bit export-grade\ncryptography. An attacker could potentially exploit this to impersonate\nthe server. (CVE-2015-4000)\n",
"id": "USN-2656-1",
"modified": "2026-05-29T17:43:57Z",
"published": "2015-07-09T20:16:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2656-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2721"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2722"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2724"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2725"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2726"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2727"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2728"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2729"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2730"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2731"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2733"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2734"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2735"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2736"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2737"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2738"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2739"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2740"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2741"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2743"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4000"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "firefox vulnerabilities",
"upstream": [
"UBUNTU-CVE-2015-2721",
"UBUNTU-CVE-2015-2722",
"UBUNTU-CVE-2015-2724",
"UBUNTU-CVE-2015-2725",
"UBUNTU-CVE-2015-2726",
"UBUNTU-CVE-2015-2727",
"UBUNTU-CVE-2015-2728",
"UBUNTU-CVE-2015-2729",
"UBUNTU-CVE-2015-2730",
"UBUNTU-CVE-2015-2731",
"UBUNTU-CVE-2015-2733",
"UBUNTU-CVE-2015-2734",
"UBUNTU-CVE-2015-2735",
"UBUNTU-CVE-2015-2736",
"UBUNTU-CVE-2015-2737",
"UBUNTU-CVE-2015-2738",
"UBUNTU-CVE-2015-2739",
"UBUNTU-CVE-2015-2740",
"UBUNTU-CVE-2015-2741",
"UBUNTU-CVE-2015-2743",
"UBUNTU-CVE-2015-4000"
]
}
usn-2673-1
Vulnerability from osv_ubuntu
Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)
Bob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2724)
Ronald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)
Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)
| URL | Type | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2015-2721",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2724",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2734",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2735",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2736",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2737",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2738",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2739",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2740",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4000",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-globalmenu",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "thunderbird-testsuite",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:31.8.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:31.8.0+build1-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:24.0+build1-0ubuntu1",
"1:24.0+build1-0ubuntu2",
"1:24.1.1+build1-0ubuntu0.13.10.1",
"1:24.1.1+build1-0ubuntu1",
"1:24.2.0+build1-0ubuntu1",
"1:24.4.0+build1-0ubuntu1",
"1:24.5.0+build1-0ubuntu0.14.04.1",
"1:24.6.0+build1-0ubuntu0.14.04.1",
"1:31.0+build1-0ubuntu0.14.04.1",
"1:31.1.1+build1-0ubuntu0.14.04.1",
"1:31.1.2+build1-0ubuntu0.14.04.1",
"1:31.2.0+build2-0ubuntu0.14.04.1",
"1:31.3.0+build1-0ubuntu0.14.04.1",
"1:31.4.0+build1-0ubuntu0.14.04.1",
"1:31.5.0+build1-0ubuntu0.14.04.1",
"1:31.6.0+build1-0ubuntu0.14.04.1",
"1:31.7.0+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Karthikeyan Bhargavan discovered that NSS incorrectly handled state\ntransitions for the TLS state machine. If a remote attacker were able to\nperform a machine-in-the-middle attack, this flaw could be exploited to skip\nthe ServerKeyExchange message and remove the forward-secrecy property.\n(CVE-2015-2721)\n\nBob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered\nmultiple memory safety issues in Thunderbird. If a user were tricked in to\nopening a specially crafted website in a browsing context, an attacker\ncould potentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Thunderbird. (CVE-2015-2724)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were\ntricked in to opening a specially crafted website in a browsing context,\nan attacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Thunderbird. (CVE-2015-2734, CVE-2015-2735,\nCVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM\ncould force a server to downgrade TLS connections to 512-bit export-grade\ncryptography. An attacker could potentially exploit this to impersonate\nthe server. (CVE-2015-4000)\n",
"id": "USN-2673-1",
"modified": "2026-05-29T17:43:57Z",
"published": "2015-07-20T22:04:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2673-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2721"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2724"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2734"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2735"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2736"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2737"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2738"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2739"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2740"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4000"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "thunderbird vulnerabilities",
"upstream": [
"UBUNTU-CVE-2015-2721",
"UBUNTU-CVE-2015-2724",
"UBUNTU-CVE-2015-2734",
"UBUNTU-CVE-2015-2735",
"UBUNTU-CVE-2015-2736",
"UBUNTU-CVE-2015-2737",
"UBUNTU-CVE-2015-2738",
"UBUNTU-CVE-2015-2739",
"UBUNTU-CVE-2015-2740",
"UBUNTU-CVE-2015-4000"
]
}
usn-2696-1
Vulnerability from osv_ubuntu
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)
Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2601, CVE-2015-2808, CVE-2015-4000, CVE-2015-2625, CVE-2015-2613)
As a security improvement, this update modifies OpenJDK behavior to disable RC4 TLS/SSL cipher suites by default.
As a security improvement, this update modifies OpenJDK behavior to reject DH key sizes below 768 bits by default, preventing a possible downgrade attack.
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2621, CVE-2015-2632)
A vulnerability was discovered with how the JNDI component of the OpenJDK JRE handles DNS resolutions. A remote attacker could exploit this to cause a denial of service. (CVE-2015-4749)
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2015-2590",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2601",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2613",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2621",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2625",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2628",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2632",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-2808",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4000",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4731",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4732",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4733",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4748",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4749",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-4760",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icedtea-7-jre-jamvm",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-demo",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jdk",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jre",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jre-headless",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jre-lib",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-jre-zero",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
},
{
"binary_name": "openjdk-7-source",
"binary_version": "7u79-2.5.6-0ubuntu1.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openjdk-7",
"purl": "pkg:deb/ubuntu/openjdk-7@7u79-2.5.6-0ubuntu1.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7u79-2.5.6-0ubuntu1.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7u25-2.3.12-4ubuntu3",
"7u25-2.3.12-4ubuntu5",
"7u45-2.4.3-3ubuntu1",
"7u45-2.4.3-3ubuntu2",
"7u45-2.4.3-4ubuntu1",
"7u45-2.4.3-4ubuntu2",
"7u51-2.4.4-1ubuntu1",
"7u51-2.4.5-1ubuntu1",
"7u51-2.4.6~pre1-1ubuntu2",
"7u51-2.4.6-1ubuntu3",
"7u51-2.4.6-1ubuntu4",
"7u55-2.4.7-1ubuntu1",
"7u65-2.5.1-4ubuntu1~0.14.04.1",
"7u65-2.5.1-4ubuntu1~0.14.04.2",
"7u65-2.5.2-3~14.04",
"7u71-2.5.3-0ubuntu0.14.04.1",
"7u75-2.5.4-1~trusty1",
"7u79-2.5.5-0ubuntu0.14.04.2"
]
}
],
"aliases": [],
"details": "Several vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity, and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731,\nCVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)\n\nSeveral vulnerabilities were discovered in the cryptographic components\nof the OpenJDK JRE. An attacker could exploit these to expose sensitive\ndata over the network. (CVE-2015-2601, CVE-2015-2808, CVE-2015-4000,\nCVE-2015-2625, CVE-2015-2613)\n\nAs a security improvement, this update modifies OpenJDK behavior to\ndisable RC4 TLS/SSL cipher suites by default.\n\nAs a security improvement, this update modifies OpenJDK behavior to\nreject DH key sizes below 768 bits by default, preventing a possible\ndowngrade attack.\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related\nto information disclosure. An attacker could exploit these to expose\nsensitive data over the network. (CVE-2015-2621, CVE-2015-2632)\n\nA vulnerability was discovered with how the JNDI component of the\nOpenJDK JRE handles DNS resolutions. A remote attacker could exploit\nthis to cause a denial of service. (CVE-2015-4749)\n",
"id": "USN-2696-1",
"modified": "2026-05-29T17:43:57Z",
"published": "2015-07-30T11:36:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2696-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2590"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2601"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2613"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2621"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2625"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2628"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2632"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-2808"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4000"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4731"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4732"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4733"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4748"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4749"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-4760"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "openjdk-7 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2015-2590",
"UBUNTU-CVE-2015-2601",
"UBUNTU-CVE-2015-2613",
"UBUNTU-CVE-2015-2621",
"UBUNTU-CVE-2015-2625",
"UBUNTU-CVE-2015-2628",
"UBUNTU-CVE-2015-2632",
"UBUNTU-CVE-2015-2808",
"UBUNTU-CVE-2015-4000",
"UBUNTU-CVE-2015-4731",
"UBUNTU-CVE-2015-4732",
"UBUNTU-CVE-2015-4733",
"UBUNTU-CVE-2015-4748",
"UBUNTU-CVE-2015-4749",
"UBUNTU-CVE-2015-4760"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.